Renew certificates for SMC components and NGFW Engines when certificate authorities expire

If a certificate authority is about to expire, the components that use certificates signed by the certificate authority require new certificates that are signed by a valid certificate authority.

Messages in the Management Client about expiring certificate authorities indicate that a certificate authority is about to expire, a new certificate authority has been automatically created, or a certificate authority has expired.

You might need to renew certificates for SMC components and NGFW Engines in the following cases:

  • The certificate authority that signed the certificate of a component is about to expire.
  • A certificate authority has been automatically renewed, and a new certificate must be generated for the component.
  • Components refuse connection attempts with each other.
  • Automatic certificate renewal for NGFW Engines fails.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Recertify the SMC servers.
  2. To use the new certificate on NGFW Engines after automatic certificate renewal, refresh the policy.
  3. If the automatic certificate renewal for NGFW Engines fails, renew the NGFW Engine certificates manually.