Under Network -> GlobalProtect -> Portals -> (Your portal) -> Authentication, take note of the SSL/TLS Service Profile You should probably do the same for your Gateway, in case it is different Under Device -> Certificate Management -> SSL/TLS Service Profile -> (Profile from above), take note of the certificate This is the certificate used by your Portal or Gateway Under Device -> Certificate Management -> Certificates, locate this certificate, and click "renew" at the bottom of the screen to generate a new CSR, export the CSR, submit it to your CA, Import the new certificate (and signing chain, if it changes) Update the SSL/TLS Service Profile(s) with the new certificate(s) you can see the expiration dates of any certificates you have on teh Certificates page, in case any more are expiring soon. It often takes a few days to renew a certificate so it pays to be pro-active here
... View more