https://www.youtube.com/watch?v=tAIdcZ3EBiw
In our case the subordinate CA cert had expired and users were getting certificate errors opening emails etc.
Go to
Objects -> Object Management -> PKI -> Internal CAs
If you edit the old cert you can see when it expired "Not Valid After:"
Cancel from this screen
Click Generate CA button at the top
Fill in details
Name: firewall.customer.com
Common Name: firewall.customer.com
Click Generate CSR button
Copy the CSR into a notepad
Now go to your internal CA and request the cert
Login with username and password
Request a cert
Advanced certificate request
Paste the CSR created earlier
Choose the certificate template for Subordinate CA. If it's not there, that is a separate issue which needs to be resolved on the CA server by the Windows team.
Click Submit
Choose DER encoded and download the signed cert
Go back to FMC
Install the signed cert, click browse and select the downloaded cert file.
Now go into your SSL policy and edit any decrypt/resign rules and change to the new cert and push the policy.
You can now delete the old cert.
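Before installing the downloaded file in FMC, it is worth confirming that it matches the CSR, that the Subordinate CA template was actually applied, and when it expires. The script below is an added example, not part of the original post; it assumes `openssl` is available on your workstation, that the CSR text from the notepad was saved to a file, and that the file names you pass in are your own.

```bash
#!/usr/bin/env bash
# Added example: pre-install checks for the signed subordinate CA certificate.
# File names passed in are assumptions; use wherever you saved the CSR and cert.

# SHA-256 of the public key inside a PEM CSR (the text copied from FMC).
csr_pubkey_hash() {
  k=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$k" | openssl sha256 | awk '{print $NF}'
}

# SHA-256 of the public key inside the DER certificate downloaded from the CA.
cert_pubkey_hash() {
  k=$(openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$k" | openssl sha256 | awk '{print $NF}'
}

# True only if basicConstraints says CA:TRUE, i.e. the Subordinate CA template
# was really applied; a leaf certificate cannot be used for decrypt/resign.
cert_is_ca() {
  openssl x509 -inform DER -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# True if the certificate is still valid $2 days from now ("Not Valid After").
cert_valid_for_days() {
  openssl x509 -inform DER -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# usage: check_signed_cert <csr.pem> <cert.der> [min_days_remaining]
# returns 0 = OK, 1 = unreadable or key mismatch, 2 = not a CA cert, 3 = expiring
check_signed_cert() {
  csr=$1; cert=$2; days=${3:-30}
  want=$(csr_pubkey_hash "$csr") || { echo "FAIL: cannot read CSR"; return 1; }
  got=$(cert_pubkey_hash "$cert") || { echo "FAIL: cannot read cert as DER"; return 1; }
  if [ "$want" != "$got" ]; then
    echo "FAIL: certificate public key does not match the CSR"; return 1
  fi
  if ! cert_is_ca "$cert"; then
    echo "FAIL: not a CA certificate (wrong template?)"; return 2
  fi
  if ! cert_valid_for_days "$cert" "$days"; then
    echo "FAIL: certificate expires within $days days"; return 3
  fi
  openssl x509 -inform DER -in "$cert" -noout -subject -enddate
}

# Run the checks only when file arguments are given on the command line.
if [ "$#" -ge 2 ]; then
  check_signed_cert "$@"
fi
```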