Renew an internally signed certificate for a VPN Gateway element
New certificates signed by the new default certificate authority are automatically created for VPN Gateway elements. You must manually create and renew any certificates that are not signed by the default certificate authority.
If you have both an Internal RSA CA for Gateways and an Internal ECDSA CA for Gateways, only one certificate authority can be selected as the default certificate authority. If automatic RSA certificate management is activated for an NGFW Engine, RSA certificates issued by the default certificate authority are renewed automatically as long as the certificate-related files, including the private key stored on the engines, are intact. You must manually create and renew any other certificates that are not signed by the default certificate authority.
For more details about the product and how to configure features, click Help or press F1.