Renew certificates for SMC components and Security Engines when certificate authorities expire
If a certificate authority is about to expire, the components that use certificates signed by the certificate authority require new certificates that are signed by a valid certificate authority.
Messages in the SMC Client about expiring certificate authorities indicate that a certificate authority is about to expire, a new certificate authority has been automatically created, or a certificate authority has expired.
You might need to renew certificates for SMC components and Security Engines in the following cases:
- The certificate authority that signed the certificate of a component is about to expire.
- A certificate authority has been automatically renewed, and a new certificate must be generated for the component.
- Components refuse connection attempts with each other.
- Automatic certificate renewal for Security Engines fails.
For more details about the product and how to configure features, click Help or
press F1.
Steps
- Re-certify the SMC servers.
- To use the new certificate on Security Engines after automatic certificate renewal, refresh the policy.
- If the automatic certificate renewal for Security Engines fails, renew the Security Engine certificates manually.