Renew Security Engine certificates

Security Engine certificates are renewed automatically. You might have to renew Security Engine certificates manually in some cases.

The following situations might require you to manually renew Security Engine certificates:

  • A message indicates that the certificate for a Security Engine has expired.
  • A message indicates that the certificate authority that signed the component’s certificate is about to expire or has expired. A new certificate authority has been created, and the engine requires a new certificate.
  • Components refuse connection attempts with each other.
  • You have created an ECDSA CA and the engine has lost connectivity to the Management Server. You might also have to manually enable 256-bit security strength for the engine.

If the certificate for system communications expires, the Security Engine continues processing traffic normally, but all communications with other components stop. For clusters, traffic might be disrupted if expired certificates prevent the nodes from synchronizing state. The same disruption can occur while the internal certificate authority that signs the certificates for system communications is being renewed: the system automatically creates a new internal certificate authority, and Security Engines that do not yet have certificates signed by it cannot communicate.

Security Engine certificates might expire if you have disabled automatic certificate renewal.
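The following pre-check is an added example and is not part of the SMC documentation or the product. Before you renew contact with sg-reconfigure, it decides which of the situations listed above applies by comparing a component certificate against the current internal certificate authority. It uses the dictionary shape that Python's standard-library ssl.SSLSocket.getpeercert() returns (subject, issuer and notAfter), so it runs offline on constructed data. The certificate names, the 30-day warning window, and the sample certificates are all assumptions made for the example; the check compares issuer and subject names only and does not verify signatures.

```python
"""Pre-check for Security Engine certificate renewal.

Added example, not part of the SMC documentation or product code.
Input certificates use the dict format returned by ssl.SSLSocket.getpeercert():
  {'subject': ((('commonName', 'x'),),), 'issuer': ..., 'notAfter': 'Jan 15 00:00:00 2026 GMT'}
All data below is constructed; CA names and the warning window are assumptions.
"""
import ssl
import time

WARN_SECONDS = 30 * 24 * 3600  # assumed warning window before expiry


def classify(engine_cert, ca_cert, now=None):
    """Return the reasons why manual renewal is needed (empty list = no action).

    engine_cert: certificate of the engine (or other component) to check.
    ca_cert:     certificate of the current internal certificate authority.
    now:         reference time in seconds since the epoch (defaults to time.time()).
    """
    now = time.time() if now is None else now
    reasons = []
    # cert_time_to_seconds parses the 'Mon DD HH:MM:SS YYYY GMT' notAfter string.
    engine_expiry = ssl.cert_time_to_seconds(engine_cert["notAfter"])
    ca_expiry = ssl.cert_time_to_seconds(ca_cert["notAfter"])

    # Situation 1: the engine certificate itself has expired or is about to.
    if engine_expiry <= now:
        reasons.append("engine certificate expired")
    elif engine_expiry - now < WARN_SECONDS:
        reasons.append("engine certificate expires soon")

    # Situation 2: the signing CA is about to expire or has expired.
    if ca_expiry <= now:
        reasons.append("signing CA expired")
    elif ca_expiry - now < WARN_SECONDS:
        reasons.append("signing CA expires soon")

    # Situation 2, second half: a new internal CA exists but the engine still
    # carries a certificate issued by the old one. Name comparison only; this
    # does not validate the signature chain.
    if engine_cert["issuer"] != ca_cert["subject"]:
        reasons.append("engine certificate not signed by current CA")
    return reasons


# Constructed sample data (not real SMC certificates). NOW is fixed so the
# checks are deterministic.
NOW = ssl.cert_time_to_seconds("Jan 15 00:00:00 2024 GMT")

CURRENT_CA = {
    "subject": ((("commonName", "Internal CA 2"),),),
    "issuer": ((("commonName", "Internal CA 2"),),),
    "notAfter": "Jan 15 00:00:00 2034 GMT",
}
EXPIRING_CA = {
    "subject": ((("commonName", "Internal CA 2"),),),
    "issuer": ((("commonName", "Internal CA 2"),),),
    "notAfter": "Feb 01 00:00:00 2024 GMT",  # 17 days after NOW
}
HEALTHY_ENGINE = {
    "subject": ((("commonName", "fw-node-1"),),),
    "issuer": ((("commonName", "Internal CA 2"),),),
    "notAfter": "Jan 15 00:00:00 2026 GMT",
}
OLD_CA_ENGINE = {
    "subject": ((("commonName", "fw-node-2"),),),
    "issuer": ((("commonName", "Internal CA 1"),),),  # signed by the previous CA
    "notAfter": "Jun 15 00:00:00 2024 GMT",
}
EXPIRED_ENGINE = {
    "subject": ((("commonName", "fw-node-3"),),),
    "issuer": ((("commonName", "Internal CA 2"),),),
    "notAfter": "Dec 31 00:00:00 2023 GMT",  # before NOW
}


def report(now=NOW):
    """Run the check over the sample engines and return {engine CN: reasons}."""
    result = {}
    for cert in (HEALTHY_ENGINE, OLD_CA_ENGINE, EXPIRED_ENGINE):
        cn = cert["subject"][0][0][1]
        result[cn] = classify(cert, CURRENT_CA, now)
    return result


if __name__ == "__main__":
    for cn, reasons in report().items():
        print(cn, "->", reasons or ["ok, automatic renewal is sufficient"])
```

An engine that reports any reason other than an empty list is a candidate for the manual procedure in the Steps below; an engine whose certificate is still valid but was issued by a CA other than the current one is the case where a new internal certificate authority has been created and the engine needs a certificate from it.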

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. In the SMC Client, save the initial configuration and generate a new one-time password for the Security Engine.
  2. To renew contact between the engine and the Management Server using the new one-time password, run the following command on the command line of the Security Engine:
    sg-reconfigure
  3. Follow the prompts in the Security Engine Configuration Wizard until the Prepare for Management Contact page opens.
  4. Select Contact, then press the spacebar.
  5. Enter the Management Server IP address and the one-time password.
  6. Highlight Finish, then press Enter.