FMC: Automatic renew certificates?

Network Diver
Level 3

Hello,

Managing certificates is becoming more and more of a nightmare as the valid lifetime will be reduced to 47 days, especially on devices and virtual appliances that don't support any kind of automatic renewal protocol.

What are the options in FMC to automatically renew VPN peer certificates signed by an external public CA? Currently FMC 7.4 only supports EST and SCEP enrollment. [1] Neither of them supports automatic renewal. Also, the latest FMC 7.7 does not support ACME. We also use the VPN peer certificate for signing SAML requests for Microsoft Entra ID, so renewing a certificate for a VPN peer involves multiple manual steps.

[1] https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/740/management-center-device-config-74/objects-certs.html

[2] https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/770/management-center-device-config-77/objects-certs.html

2 Replies

Network Diver
Level 3

Any outlook when FMC will support ACME for certificate renewals?
There's an enhancement request for this: https://bst.cisco.com/quickview/bug/CSCvi00886

Thanks for sharing 

Have a nice day 

MHM