Hi Team,
We have PA self signed certificate in the firewall being used for SSL Decryption, the certificate is about to expire
From GUI we can able to renew for another one year but our concern
Will it automatically replace the existing certificate in end machine
Or do we need to push the new certificate to end machines to take effect
Or no action required
Kindly suggest the best practice
Hi Vishnu For a regular certificate you'd need to update the users as the browser won't automatically learn about the new expiry Self signed certificates may be a little more forgiving when it comes to expirations as there's no crl or ocsp etc If possible extend the certificate for longer than a year and update the users