Each ProxySG appliance contains a SSL keyring certificate in its configuration backup. This aricle shows how you can seperate the SSL Keyring certificate information from the configuration backup, thereby not pushing out configurations that do not contain unique certificates.
NOTE: This article does not expose your appliance birth certificate in the backups. They are never exposed in any text related file on the SG, or Director. To renew this, you need to RMA the device.
NOTE: This solution has two main steps to it. We assume you already have a created profile you want to push out:
1: Procedure to create overlay for each ProxySG with its SSL certificates
NOTE: You will need to repeat these steps for each ProxySG, creating a unique overlay file for all of them.
2: Creating a job to push the Golden profile out with each SSL overlay.
NOTE: Repeat the above steps to create the Push Overlay actions to all ProxySG to push SSL overlays to, as seen in the screenshot below.
NOTES: After creating all actions, select the OK to create each Job. If you execute the created job first it will push the profile to the ProxySGs and after that it will start pushing to the SSL overlays to corresponding ProxySGs.