If web isolation on-prem customers use auto-generated server certificates, they need to be aware of when they're set to expire and have a process to renew them.

The script referenced in this article was only written for on-prem WI versions 1.13.x & 1.14.x customers who use auto-generated server certificates that are expired or close to expiry.

Like any cert, WI auto-generated server certs have an expiry date and should be regenerated before their expiration date.

1. Initial Verification
   First, verify how many days left before server certificate expiry for the various gateways.
   MGMT GUI > system configuration > system certificates
   The script can be executed when there's 30 days or less before expiration.  If gateways have different expiration dates, the script will only renew gateway certs that have 30 days or less before expiration.
   
   
2. Download & Run Script
   ssh into MGMT gateway and run the following syntax
   
   cd /tmp
   sudo fgcli fileserver download certificate_regeneration.tar.gz ./
   sudo tar -xzf certificate_regeneration.tar.gz
   cd certificate_script/
   sudo ./start.sh
   
   
3. Re-verification
   MGMT GUI > system configuration > system certificates
   Any gateway certificates that were 30 days or less will now have a new expiry date of 1 year

Only for customers who use WI's auto generated server certificates instead of their own custom certificates and running WI 1.13.x or 1.14.x