Recertify Secure SD-WAN Manager servers
You must renew Secure SD-WAN Manager server certificates when the certificates are about to expire or have expired.
The following situations require you to renew Secure SD-WAN Manager server certificates:
- A message indicates that the certificate of a Management Server, Log Server, or Web Portal Server is about to expire or has expired.
- A message indicates that the certificate authority that signed the certificate of a Management Server, Log Server, or Web Portal Server is about to expire. A new certificate authority has been created, and the server requires a new certificate.
- The Secure SD-WAN Manager components refuse communication attempts with each other.
If the Management Server certificate expires, it is not possible to log on using the Management Client. Log Server certificate expiration or loss prevents log browsing, reporting, and status monitoring from working correctly, and forces the engines to spool logs locally.
You can renew the certificates of any of the Secure SD-WAN Manager servers without affecting the other components.
When administrators log on to the Management Client or to the Web Portal for the first time after the server’s certificate is changed, they receive a notification of the certificate fingerprint change on the Management Server or Web Portal Server. If you want to check the certificate fingerprint before accepting it, run the sgShowFingerprint command on the server.