Renew NGFW Engine certificates
NGFW Engine certificates are renewed automatically, but in some cases you might have to renew them manually.
The following situations might require you to manually renew NGFW Engine certificates:
- A message indicates that the certificate for an NGFW Engine has expired.
- A message indicates that the certificate authority that signed the component’s certificate is about to expire or has expired. A new certificate authority has been created, and the engine requires a new certificate.
- Components refuse connection attempts with each other.
- You have created an ECDSA CA and the engine has lost connectivity to the Management Server. You might also have to manually enable 256-bit security strength for the engine.
If the certificate for system communications expires, the NGFW Engines continue processing traffic normally, but all communications with other components stop. For clusters, traffic might be disrupted if expired certificates prevent nodes from synchronizing information. The same disruption can also happen while the internal certificate authority that signs the certificates for system communications is being renewed, if the NGFW Engines do not have new certificates signed by the new internal certificate authority that the system has automatically created.
NGFW Engine certificates might expire if you have disabled automatic certificate renewal.