We have a certificate expiring and we just uploaded the new certificate to take its place. To avoid downtime, we haven't revoked the soon to expire cert and have the other one imported already. They are both in valid state.
When the first one expires, will the 2nd (new) cert "take its place" automatically? Or will there need to be some manual intervention at that time?
This really depends on what you're using the certificate for. The certificate itself is a completely different object, so if your using it in a a certificate-profile it'll need to be included, or if your using it in a ssl-tls-service-profile it'll need to be updated.
If your just using it to establish certificate trust (for example like a root CA) then importing it and setting it as a trusted-root-ca then the import is really all you need.
Thank you for the reply!
Researching this, the existing is used in a certificate profile, so I would need to switch it over.
Is there a way to do so with no downtime? As in, if I were to just change the Certificate value in the existing Certificate Management > SSL/TLS Profile to the new certificate object's name, would that be in immediate change after commiting it with no downtime/breaking live GlobalProtect users' sessions?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!