Renew certificates for SMC components and NGFW Engines when certificate authorities expire
If a certificate authority is about to expire, the components that use certificates signed by the certificate authority require new certificates that are signed by a valid certificate authority.
Messages in the Management Client about expiring certificate authorities indicate that a certificate authority is about to expire, a new certificate authority has been automatically created, or a certificate authority has expired.
You might need to renew certificates for SMC components and NGFW Engines in the following cases:
- The certificate authority that signed the certificate of a component is about to expire.
- A certificate authority has been automatically renewed, and a new certificate must be generated for the component.
- Components refuse connection attempts with each other.
- Automatic certificate renewal for NGFW Engines fails.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Recertify the SMC servers.
- To use the new certificate on NGFW Engines after automatic certificate renewal, refresh the policy.
- If the automatic certificate renewal for NGFW Engines fails, renew the NGFW Engine certificates manually.