search cancel

Renew Web Isolation Gateway Server Certificates Set To Expire

book

Article ID: 226479

calendar_today

Updated On:

Products

Web Isolation Web Isolation Cloud

Issue/Introduction

If web isolation on-prem customers use auto-generated server certificates, they need to be aware of when they're set to expire and have a process to renew them.

Cause

Like any cert, WI auto-generated server certs have an expiry date and should be regenerated before their expiration date.

Environment

The script referenced in this article was only written for on-prem WI versions 1.13.x & 1.14.x customers who use auto-generated server certificates that are expired or close to expiry.

Resolution

  1. Initial Verification
    First, verify how many days left before server certificate expiry for the various gateways.
    MGMT GUI > system configuration > system certificates
    The script can be executed when there's 30 days or less before expiration.  If gateways have different expiration dates, the script will only renew gateway certs that have 30 days or less before expiration.

  2. Download & Run Script
    ssh into MGMT gateway and run the following syntax

    cd /tmp
    sudo fgcli fileserver download certificate_regeneration.tar.gz ./
    sudo tar -xzf certificate_regeneration.tar.gz
    cd certificate_script/
    sudo ./start.sh

  3. Re-verification
    MGMT GUI > system configuration > system certificates
    Any gateway certificates that were 30 days or less will now have a new expiry date of 1 year

Additional Information

Only for customers who use WI's auto generated server certificates instead of their own custom certificates and running WI 1.13.x or 1.14.x