This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

My Global protect VPN certificate is expiring soon. How to renew it

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

My Global protect VPN certificate is expiring soon. How to renew it

Go to solution
shafi021
L2 Linker

‎05-14-2020 07:22 AM

My Global protect VPN certificate is expiring soon. How to renew the certificate. System engineer provider me certificate in .p12 format. This is my first time to do cert renewal. Please guide me. Thank you.

1 person had this problem.
0 Likes Likes
2 accepted solutions

Accepted Solutions

Go to solution
OwenFuller
L4 Transporter
In response to shafi021

‎05-14-2020 07:40 AM

I assume you mean the portal/gateway server certificate is expiring.  You should be able to go to Device > Certificates > Import.  From there you can select "Encrypted Private Key and Certificate (PCKS12) from the File Format drop-down menu.  You'll need the password used by the sysadmin to encrypt the certificate as well.  

OwenFuller_0-1589466888167.png

Once you've imported the new certificate, you'll want to go to Device > SSL/TLS Service Profile, open whichever SSL/TLS profile is used on your GlobalProtect gateway/portal, and select your new cert in the certificate drop-down.

OwenFuller_1-1589467184936.png

 

 

View solution in original post

Go to solution
OwenFuller
L4 Transporter
In response to shafi021

‎05-14-2020 08:16 AM

Personally, I would wait to revoke the other certificate until you have the new certificate imported and tested, just in case you have to roll back your changes, but that's just my opinion.  If you go this route, you'll need to give them different names.  You can rename the old one, or give the new one a different name like MyCompanyName-2020-2021 for the dates the certificate is valid.  Whatever you want, just so they are different.

View solution in original post

9 REPLIES 9

Go to solution
shafi021
L2 Linker

‎05-14-2020 07:25 AM - edited ‎05-14-2020 07:25 AM

@OwenFuller can you please help me on this 🙂

0 Likes Likes

Go to solution
OwenFuller
L4 Transporter
In response to shafi021

‎05-14-2020 07:40 AM

I assume you mean the portal/gateway server certificate is expiring.  You should be able to go to Device > Certificates > Import.  From there you can select "Encrypted Private Key and Certificate (PCKS12) from the File Format drop-down menu.  You'll need the password used by the sysadmin to encrypt the certificate as well.  

OwenFuller_0-1589466888167.png

Once you've imported the new certificate, you'll want to go to Device > SSL/TLS Service Profile, open whichever SSL/TLS profile is used on your GlobalProtect gateway/portal, and select your new cert in the certificate drop-down.

OwenFuller_1-1589467184936.png

 

 

Go to solution
shafi021
L2 Linker
In response to OwenFuller

‎05-14-2020 07:46 AM

Yes, I have password for cert. Thanks Owen. You are so helpful. 

Go to solution
shafi021
L2 Linker
In response to shafi021

‎05-14-2020 08:04 AM - edited ‎05-14-2020 08:10 AM

@OwenFuller My existing cert name is 'MyCompanyName'. I want to use same name 'MyCompanyName' for new cert, so do I need to revoke  old 'MyCompanyName' cert first and then import the new cert with same name? I have scheduled maintenance window.

0 Likes Likes

Go to solution
OwenFuller
L4 Transporter
In response to shafi021

‎05-14-2020 08:16 AM

Personally, I would wait to revoke the other certificate until you have the new certificate imported and tested, just in case you have to roll back your changes, but that's just my opinion.  If you go this route, you'll need to give them different names.  You can rename the old one, or give the new one a different name like MyCompanyName-2020-2021 for the dates the certificate is valid.  Whatever you want, just so they are different.

Go to solution
shafi021
L2 Linker
In response to OwenFuller

‎05-14-2020 08:26 AM

I agree with you. Thanks a lot.

0 Likes Likes

Go to solution
ITCoordinator
L1 Bithead
In response to OwenFuller

‎02-19-2022 11:38 PM

Hi OwenFuller,

 

I'm also the first time to renew our GP VPN device certificates. But my certificates just expired today. 

And I checked our old device certificates, it doesn't have the "CA".

When I renew it, do I need to import certificates ".pem" file or "pkcs12"? I don't want to change any current VPN configuration.

I have totally no idea how to do it. Thanks a lot!
Screen Shot 2022-02-19 at 11.33.24 PM.png

0 Likes Likes

Go to solution
Kevin9722
L0 Member
In response to OwenFuller

‎02-20-2022 10:42 PM

The solution worked for me thanks to the community and the members for the solution.

Go to solution
D.Unroe
L0 Member
In response to OwenFuller

‎02-18-2025 12:25 PM

in addition to updating the cert in the above locations I found that I also needed to update it under the Agent Config for Authentication Override

DUnroe_0-1739910274171.png

 

0 Likes Likes
  • 2 accepted solutions
  • 35183 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks