My Global protect VPN certificate is expiring soon. How to renew it

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L2 Linker

My Global protect VPN certificate is expiring soon. How to renew it

My Global protect VPN certificate is expiring soon. How to renew the certificate. System engineer provider me certificate in .p12 format. This is my first time to do cert renewal. Please guide me. Thank you.

Tags (1)

Accepted Solutions
Highlighted
L4 Transporter

I assume you mean the portal/gateway server certificate is expiring.  You should be able to go to Device > Certificates > Import.  From there you can select "Encrypted Private Key and Certificate (PCKS12) from the File Format drop-down menu.  You'll need the password used by the sysadmin to encrypt the certificate as well.  

OwenFuller_0-1589466888167.png

Once you've imported the new certificate, you'll want to go to Device > SSL/TLS Service Profile, open whichever SSL/TLS profile is used on your GlobalProtect gateway/portal, and select your new cert in the certificate drop-down.

OwenFuller_1-1589467184936.png

 

 

View solution in original post

Highlighted
L4 Transporter

Personally, I would wait to revoke the other certificate until you have the new certificate imported and tested, just in case you have to roll back your changes, but that's just my opinion.  If you go this route, you'll need to give them different names.  You can rename the old one, or give the new one a different name like MyCompanyName-2020-2021 for the dates the certificate is valid.  Whatever you want, just so they are different.

View solution in original post


All Replies
Highlighted
L2 Linker

@OwenFuller can you please help me on this

Highlighted
L4 Transporter

I assume you mean the portal/gateway server certificate is expiring.  You should be able to go to Device > Certificates > Import.  From there you can select "Encrypted Private Key and Certificate (PCKS12) from the File Format drop-down menu.  You'll need the password used by the sysadmin to encrypt the certificate as well.  

OwenFuller_0-1589466888167.png

Once you've imported the new certificate, you'll want to go to Device > SSL/TLS Service Profile, open whichever SSL/TLS profile is used on your GlobalProtect gateway/portal, and select your new cert in the certificate drop-down.

OwenFuller_1-1589467184936.png

 

 

View solution in original post

Highlighted
L2 Linker

Yes, I have password for cert. Thanks Owen. You are so helpful. 

Highlighted
L2 Linker

@OwenFuller My existing cert name is 'MyCompanyName'. I want to use same name 'MyCompanyName' for new cert, so do I need to revoke  old 'MyCompanyName' cert first and then import the new cert with same name? I have scheduled maintenance window.

Highlighted
L4 Transporter

Personally, I would wait to revoke the other certificate until you have the new certificate imported and tested, just in case you have to roll back your changes, but that's just my opinion.  If you go this route, you'll need to give them different names.  You can rename the old one, or give the new one a different name like MyCompanyName-2020-2021 for the dates the certificate is valid.  Whatever you want, just so they are different.

View solution in original post

Highlighted
L2 Linker

I agree with you. Thanks a lot.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!