Existing TLS certificates in Symantec Messaging Gateway (SMG) may be updated with another signed certificate to extend the validity date or to update other aspects of the certificate such as the message digest / hash algorithm used provided that the signed certificate meets the following criteria:

• The SMG system date is withing the validity date range of the updated certificate. 
• The new certificate has the same public key as the installed certificate i.e. it is not a new certificate
• The new certificate is in x509 format

 To update an existing certificate:

1. Log into the SMG control center as an administrator
2. Navigate to Administration->Certificates
3. Click Import
4. Select the certificate file to import
5. Click Import

The certificate will be compared with currently installed certificates and their private keys to determine which installed certificate to be updated so the installed certificate to be updated does not need to be selected. The operation will fail if the Control Center cannot match the imported certificate to an existing certificate. In that case the new certificate may have a different key length or public / private key. If the Control Center does not recognize the imported key as matching an existing key the new certificate may be imported using the normal procedure for importing a new certificate / key pair.

Once the certificate is updated, the Control Center will automatically update the scanners with the new certificate data.