https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270723#M1120033 <P>I am sure someone has a workaround, but the best way is to follow the process, renew the cert, and move on.</P> <P>Until you like to wait for other posters to post any other method or contacting TAC</P> Thu, 13 Mar 2025 07:53:11 GMT balaji.bandi 2025-03-13T07:53:11Z https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270269#M1120009 <P>Hello,</P> <P>I just tried to upgrade a customers FTD via FDM, but got the following error.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2025-03-12 100040.jpg" style="width: 350px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/241588i0C9F916C115AC7A2/image-dimensions/350x294?v=v2" width="350" height="294" role="button" title="2025-03-12 100040.jpg" alt="2025-03-12 100040.jpg" /></span></P> <P>Checking this bug -&nbsp;<A href="https://bst.cisco.com/bugsearch/bug/CSCwd11825?rfs=qvred" target="_self">FDM upgrade failure due to HTTPS cert expired</A>&nbsp;they mention we first need to break the H/A before generating and assign the new selfsigned certificate. Is this really necessary? I cannot remember I had to this before when creating and assigning new certificates.</P> <P>Thanks</P> <P>/Chess</P> Wed, 12 Mar 2025 09:09:40 GMT https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270269#M1120009 Chess Norris 2025-03-12T09:09:40Z https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270271#M1120010 <P>Check on the browser certificate, is this expired? (I have not seen this error anytime before)</P> <P>try a different browser, and see if the complaint is the same?</P> <P>As per the bug, you may need to fix the issue before you proceed with the upgrade.</P> <P>&nbsp;</P> Wed, 12 Mar 2025 09:20:37 GMT https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270271#M1120010 balaji.bandi 2025-03-12T09:20:37Z https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270275#M1120011 <P>Yes, it actually expired today. The FTD's are located far away from where I'm located, so need to be careful and not risking lossing access to the FDM. I'm not really sure what this certificate do, as I'm still able to login to the FDM even though the certificate is expired. If anyone else had this issue, how did you solved it? It's over 200 support cases opend on this bug, so I guess there must be quite alot of peoples with this issue.</P> <P>THnaks</P> <P>/Chess</P> Wed, 12 Mar 2025 09:32:47 GMT https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270275#M1120011 Chess Norris 2025-03-12T09:32:47Z https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270549#M1120028 <P>It's a dumb check, but yes if the cert is expired it stops the upgrade.</P> <P>Suspend, not break, HA on the <STRONG>standby&nbsp;</STRONG>FTD.</P> <P>Renew the internal cert on the <STRONG>active</STRONG>. Wait for the management int to come back up and verify the cert is in use.</P> <P>Resume HA on the&nbsp;<STRONG>standby</STRONG> and sync the pair.&nbsp;</P> Wed, 12 Mar 2025 19:53:39 GMT https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270549#M1120028 steeda 2025-03-12T19:53:39Z https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270723#M1120033 <P>I am sure someone has a workaround, but the best way is to follow the process, renew the cert, and move on.</P> <P>Until you like to wait for other posters to post any other method or contacting TAC</P> Thu, 13 Mar 2025 07:53:11 GMT https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270723#M1120033 balaji.bandi 2025-03-13T07:53:11Z https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270767#M1120035 <P>Quick follow-up. I found another self-signed certificate on the firewall that won’t expire until end of 2028, so I switched to that certificate instead. &nbsp;The upgrade still wouldn’t trigger until I deleted the expired Web Server certificate, but after removing that certificate I was able to start the upgrade.</P> <P>/Chess</P> Thu, 13 Mar 2025 08:41:58 GMT https://community.cisco.com/t5/network-security/expired-web-server-certificate-preventing-upgrade/m-p/5270767#M1120035 Chess Norris 2025-03-13T08:41:58Z