Renew certificates for Secure SD-WAN Manager components and Engines when certificate authorities expire

If a certificate authority is about to expire, the components that use certificates signed by the certificate authority require new certificates that are signed by a valid certificate authority.

Messages in the Management Client about expiring certificate authorities indicate that a certificate authority is about to expire, a new certificate authority has been automatically created, or a certificate authority has expired.

You might need to renew certificates for Secure SD-WAN Manager components and Engines in the following cases:

  • The certificate authority that signed the certificate of a component is about to expire.
  • A certificate authority has been automatically renewed, and a new certificate must be generated for the component.
  • Components refuse connection attempts with each other.
  • Automatic certificate renewal for Engines fails.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Recertify the Secure SD-WAN Manager servers.
  2. To use the new certificate on Engines after automatic certificate renewal, refresh the policy.
  3. If the automatic certificate renewal for Engines fails, renew the Engine certificates manually.