Renew Secure SD-WAN Engine certificates
Secure SD-WAN Engine certificates are renewed automatically. You might have to renew Secure SD-WAN Engine certificates manually in some cases.
The following situations might require you to manually renew Secure SD-WAN Engine certificates:
- A message indicates that the certificate for an Secure SD-WAN Engine has expired.
- A message indicates that the certificate authority that signed the component’s certificate is about to expire or has expired. A new certificate authority has been created, and the engine requires a new certificate.
- Components refuse connection attempts with each other.
- You have created an ECDSA CA and the engine has lost connectivity to the Management Server. You might also have to manually enable 256-bit security strength for the engine.
If the certificate for system communications expires, the Secure SD-WAN Engines continue processing traffic normally but all communications with other components stop. For clusters, traffic might be disrupted if expired certificates prevent nodes from synchronizing information. The same disruption can also happen if the internal certificate authority that signs the certificates for system communications is in the process of being renewed, and Secure SD-WAN Engines do not have new certificates signed by the new internal certificate authority that the system has automatically created.
Secure SD-WAN Engine certificates might expire if you have disabled automatic certificate renewal.
For more details about the product and how to configure features, click Help or
press F1.