
Expired Web server certificate preventing upgrade

Chess Norris
Level 4

Hello,

I just tried to upgrade a customer's FTD via FDM, but got the following error.

2025-03-12 100040.jpg

Checking this bug, "FDM upgrade failure due to HTTPS cert expired", they mention we first need to break the H/A before generating and assigning the new self-signed certificate. Is this really necessary? I cannot remember having to do this before when creating and assigning new certificates.

Thanks

/Chess

Accepted Solution

It's a dumb check, but yes if the cert is expired it stops the upgrade.

Suspend, not break, HA on the standby FTD.

Renew the internal cert on the active. Wait for the management int to come back up and verify the cert is in use.

Resume HA on the standby and sync the pair. 


5 Replies

balaji.bandi
Hall of Fame

Check on the browser certificate, is this expired? (I have not seen this error anytime before)

Try a different browser, and see if the complaint is the same?

As per the bug, you may need to fix the issue before you proceed with the upgrade.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, it actually expired today. The FTDs are located far away from where I'm located, so I need to be careful and not risk losing access to the FDM. I'm not really sure what this certificate does, as I'm still able to log in to the FDM even though the certificate is expired. If anyone else had this issue, how did you solve it? There are over 200 support cases opened on this bug, so I guess there must be quite a lot of people with this issue.

Thanks

/Chess

I am sure someone has a workaround, but the best way is to follow the process, renew the cert, and move on.

Unless you would like to wait for other posters to post any other method, or contact TAC.

BB


Chess Norris
Level 4

Quick follow-up. I found another self-signed certificate on the firewall that won’t expire until the end of 2028, so I switched to that certificate instead. The upgrade still wouldn’t trigger until I deleted the expired Web Server certificate, but after removing that certificate I was able to start the upgrade.

/Chess
