[Detail]

Self-signed ProxySG-generated certificates have validity of 2 years since SGOS5.3.

This includes 'default' and 'passive-attack-protection-only-key' certificates.

Management Console login uses the "default" certificate.

The reasoning is convenience  vs. security.

[Resolution plan 1]

If you want a certificate that is valid for 10 years, you can obtain a keyring/certificate from an external Certificate Authority (CA) and import it into the ProxySG appliance.

[Resolution plan 2]

Even if your certificate expires, you can log in to the ProxySG appliance. You can generate a new self-signed key for the appliance.

You can remake the key for the Management Console by selecting Configuration>SSL>Keyrings.

Add the newly created key by selecting  Configuration>Service>Management Service>HTTPS-Console>Keyring.

This extends the validity of the certificate for two years.