How certificates work

SMC servers and Secure SD-WAN Engines use certificates to identify each other in system communications, and to secure communications to external components.

Note: Do not confuse certificates with licenses. Certificates are proof of identity that components use to authenticate themselves in communications. Licenses are a proof of purchase used for ensuring that your organization is a legal license holder of the software.

To be able to communicate with other SMC components, each SMC server and Secure SD-WAN Engine must have a valid certificate.

Certificates can also be used:

For communication with some external components.
In VPNs for authentication between remote gateways.
By Secure SD-WAN Engines for TLS inspection.

By default, the certificates used in system communications are generated by the internal certificate authority (CA) that runs on the Management Server. You can optionally install the SMC with external certificate management to use certificates issued by an external CA.

Note: You can only configure the SMC to use external certificates when you install the SMC. It is not possible to change to using external certificates in an existing installation. In SMC 6.10, this feature is only available when you use the SMC Appliance.

For more information, see the Forcepoint FlexEdge Secure SD-WAN Installation Guide.