https://live.paloaltonetworks.com/t5/globalprotect-discussions/renew-global-protect-gateway-amp-portal-certificates/m-p/455023#M2242 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/204219">@malayalamitlokam</a> ,</P><P>&nbsp;</P><P>It's easy.&nbsp; Simply import the new certificate, and it will replace the existing one.&nbsp; I would export the existing certificate and key just in case.&nbsp; Since your existing configuration works, I would give the new certificate the same name so I don't have to change the configuration.</P><P>&nbsp;</P><P>Depending on the CA, you should be able to get a new cert with the same private key.&nbsp; In which case you would not need to import the private key.&nbsp; This is a good doc for reference -&gt; <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFoCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFoCAK</A>.&nbsp; One thing I don't like about the doc is that it says you should import the server (portal, gateway) cert with the private key.&nbsp; This is not necessary if you generated the CSR and key from the Palo Alto or you are re-using the existing private key.</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>Tom</P> Wed, 22 Dec 2021 17:06:28 GMT TomYoung 2021-12-22T17:06:28Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/renew-global-protect-gateway-amp-portal-certificates/m-p/454870#M2240 <P>Hi All,</P><P>&nbsp;</P><P>Greetings,</P><P>&nbsp;</P><P>We are using certificate from external CA for Global Protect Portal and Gateway which is currently in production.&nbsp;</P><P>&nbsp;</P><P>It is expiring next week. What will be the best way to renew the certificate.</P><P>&nbsp;</P><P>Thank &amp; Regards</P><P>S Prasad</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 22 Dec 2021 05:07:06 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/renew-global-protect-gateway-amp-portal-certificates/m-p/454870#M2240 malayalamitlokam 2021-12-22T05:07:06Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/renew-global-protect-gateway-amp-portal-certificates/m-p/455023#M2242 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/204219">@malayalamitlokam</a> ,</P><P>&nbsp;</P><P>It's easy.&nbsp; Simply import the new certificate, and it will replace the existing one.&nbsp; I would export the existing certificate and key just in case.&nbsp; Since your existing configuration works, I would give the new certificate the same name so I don't have to change the configuration.</P><P>&nbsp;</P><P>Depending on the CA, you should be able to get a new cert with the same private key.&nbsp; In which case you would not need to import the private key.&nbsp; This is a good doc for reference -&gt; <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFoCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFoCAK</A>.&nbsp; One thing I don't like about the doc is that it says you should import the server (portal, gateway) cert with the private key.&nbsp; This is not necessary if you generated the CSR and key from the Palo Alto or you are re-using the existing private key.</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>Tom</P> Wed, 22 Dec 2021 17:06:28 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/renew-global-protect-gateway-amp-portal-certificates/m-p/455023#M2242 TomYoung 2021-12-22T17:06:28Z