Check when VPN gateway certificates expire

Certificates expire according to the information written in the certificate when it was generated

Before you begin

A signed certificate must be present.

By default, RSA certificates issued by the default certificate authority for VPN Gateway elements are renewed automatically. VPN Gateways never accept expired certificates.

  For more details about the product and how to configure features, click Help or press F1.


  1. Select Configuration, then browse to SD-WAN.
  2. Browse to Other Elements > Certificates > Gateway Certificates.
    The existing certificates are shown.
  3. See the Expiration Date column for information about the certificate’s expiration date.
    • You can renew internally signed certificates through their right-click menu. You must manually renew certificates if automated RSA certificate management is not active, or if the certificate was not signed by the default certificate authority. VPN client users might be prompted to accept the change of certificate.
    • Elements with no expiration date are certificate requests (Status: To be signed).