Export signed VPN gateway certificates or VPN certificate authority certificates
You can export signed gateway certificates, the certificates of the Internal RSA CA for Gateways, and the certificates of the Internal ECDSA CA for Gateways.
In most cases, it is not necessary to export signed VPN gateway certificates or VPN certificate authority certificates, but can be done as needed.
If the Secure SD-WAN Manager has created a new Internal RSA CA for Gateways or Internal ECDSA CA for Gateways to replace an expiring default certificate authority, you must export the certificate of the new default certificate authority. You must import the certificate on external gateways that use certificates signed by the default certificate authority or communicate with gateways that use certificates signed by the default certificate authority. If the external gateway itself uses a certificate signed by the default certificate authority, you must also create a new certificate for the external gateway.
You must export certificates that are created when an internal certificate authority signs an external certificate request at the time of signing the certificate request. They are not stored for exporting later.