Modify PKI Settings for Selected Sites
The VPN authentication settings for a tenant are configured when the tenant is onboarded. If PKI Certificate is configured as the authentication type, tenant administrators can modify the PKI settings even after adding sites for the tenant. The changed settings are applicable to all existing sites of the tenant and to sites that the tenant might add later. To change the PKI settings for all sites in the tenant, see Modify PKI Settings for All Sites.
You can perform the following actions on the selected sites:
Change the method of renewing PKI certificates:
Note:You can change the renewal method of PKI certificates for sites in a tenant only if you set the certificate renewal method for the tenant to automatic (that is, if you enable the Auto Renew Certificate toggle button).
Do the following:
Select Administration > Certificate Management > VPN Authentication.
The VPN Authentication page appears.
Select one or more sites from the list of available sites and click Change Renewal Method.
A drop-down list appears.
From the list, choose the renewal method (Set Auto Renew or Set Manual Renew).
The Edit Certificate Renewal Method page appears asking you to confirm the renewal method.
Click Yes to change the renewal method.
You are returned to the VPN Authentication page, where a confirmation message appears indicating that the certificate renewal method is updated. The Renewal method column on the VPN Authentication page displays the updated renewal method for the selected sites.
Manually renew certificates:
Select Administration > Certificate Management > VPN Authentication.
The VPN Authentication page appears.
Select one or more sites from the list of available sites and click Renew Certificate.
The Confirm Renew Certificate page appears.
Click Yes to manually renew the certificates.
You are returned to the VPN Authentication page, where a confirmation message appears indicating that a certificate renewal job is triggered.
You can click the job link in the message to view the job details, or view the details on the Jobs (Monitor > Jobs) page.
Note:The certificate renewal job is not executed for sites that are down or that do not have connectivity to CSO at the time that the job is triggered.
If the job is completed successfully, a confirmation message appears on the VPN Authentication page.