Renew Web Isolation Gateway Server Certificates Set To Expire
Article ID: 226479
Products
Web Isolation, Web Isolation Cloud
Issue/Introduction
Customers running Web Isolation on-prem with auto-generated server certificates need to know when those certificates are set to expire and have a process to renew them.
Environment
The script referenced in this article was written only for on-prem WI 1.13.x and 1.14.x customers who use auto-generated server certificates that are expired or close to expiry.
Cause
Like any certificate, WI auto-generated server certificates have an expiry date and should be regenerated before that date.
Resolution
Initial Verification
First, verify how many days are left before server certificate expiry for the various gateways:
MGMT GUI > system configuration > system certificates
The script can be executed when there are 30 days or less before expiration. If gateways have different expiration dates, the script will only renew gateway certificates that have 30 days or less before expiration.

Download & Run Script
SSH into the MGMT gateway and run the following commands:
    cd /tmp
    sudo fgcli fileserver download certificate_regeneration.tar.gz ./
    sudo tar -xzf certificate_regeneration.tar.gz
    cd certificate_script/
    sudo ./start.sh

Re-verification
MGMT GUI > system configuration > system certificates
Any gateway certificates that had 30 days or less remaining will now have a new expiry date of 1 year.
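The 30-day check from Initial Verification and Re-verification can also be scripted against certificate files. This is an added example, not part of the article or of the vendor's script; it assumes GNU date and openssl are available and that the gateway server certificates have been saved as PEM files (the file paths given on the command line are hypothetical).

```shell
#!/bin/sh
# Added example: days left on a certificate, and whether it is inside the
# 30-day window in which the article says the renewal script may be run.
RENEW_WINDOW_DAYS=30   # threshold taken from the article

# not_after FILE -> prints the certificate's notAfter value (uses openssl)
not_after() {
    openssl x509 -noout -enddate -in "$1" | cut -d= -f2
}

# days_left "NOTAFTER" [NOW_EPOCH] -> whole days until expiry, rounded down
# (negative once the certificate has expired). Uses GNU date to parse.
days_left() {
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    diff=$((end - now))
    if [ "$diff" -ge 0 ]; then
        echo $((diff / 86400))
    else
        # shell division truncates toward zero; round down for expired certs
        echo $(( -((-diff + 86399) / 86400) ))
    fi
}

# renewal_due "NOTAFTER" [NOW_EPOCH] -> exit status 0 when 30 days or less remain
renewal_due() {
    left=$(days_left "$1" "$2") || return 2
    [ "$left" -le "$RENEW_WINDOW_DAYS" ]
}

# Report on every PEM file given as an argument (hypothetical paths).
for pem in "$@"; do
    na=$(not_after "$pem") || { echo "$pem: cannot read certificate" >&2; continue; }
    if renewal_due "$na"; then
        echo "$pem: $(days_left "$na") days left, inside renewal window"
    else
        echo "$pem: $(days_left "$na") days left, not yet due"
    fi
done
```

Running it again after `start.sh` completes should show the renewed certificates as not yet due; the GUI remains the reference for the exact day count.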
Additional Information
This applies only to customers who use WI's auto-generated server certificates instead of their own custom certificates and who are running WI 1.13.x or 1.14.x.