"Identity certificate import required" on FTD

CiscoPurpleBelt
Level 6

See this message on the FTD when looking on FMC. Will clicking the re-enroll certificate cause any issues?

12 Replies

@CiscoPurpleBelt the trustpoint configuration is incomplete, so it cannot be functioning... so therefore unlikely to cause an issue.

Complete the certificate installation as per the following procedure - https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html

Marvin Rhoads
Hall of Fame

Typically you will see this when the certificate is not enrolled via the Device > Certificates page but you have it specified in the RA VPN setup. You need to add it under Device > Certificates at which point it will immediately push the certificate and trustpoint to the device (no deploy required).

I believe I hit refresh or something and now it just has an X in the ID box (fail to configure identity certificate). I should click the re-enroll button, correct? It says "This operation will generate Certificate Signing Request do you want to continue?" if I do. I am not all that familiar with the process.

@CiscoPurpleBelt if it is asking you to complete the CSR request, then you'll need to complete the CSR request, you then send this to the CA to get signed and then import the signed identity certificate - https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215849-certificate-installation-and-renewal-on.html

Is the cert basically not doing anything right now? The option to download the cert is greyed out. If I click to generate the request I assume there is a lot more for me to do in regards to that?

@CiscoPurpleBelt if you click generate CSR, there is an output (the CSR) which needs to be sent off to be signed. The CA will provide the signed certificate, which you then import into the FMC to complete the process.

The device is managed via FMC, not FDM, but I guess it's about Step 9 in the doc. I assume there is no harm being done since the cert is not doing anything?

@CiscoPurpleBelt the FMC will automatically enroll the trustpoint (push the certificate) on the FTD you assign the identity certificate to. No harm if the trustpoint is not in use.

It looks self-signed, as the Issuer and Granter are the same. Should I be uploading the same Notepad file into the Step 2 box of the Import Identity Certificate window?

@CiscoPurpleBelt ok, what is the usage of this certificate? If for remote access VPN then you probably want to use a publicly signed certificate rather than a self-signed one. The users will then not receive certificate warnings.
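As an added example (not from this thread, Cisco, or the FMC itself), the following POSIX shell script uses openssl to reproduce the enrollment steps discussed in the replies above in a scratch directory: generate a key and CSR (what "Generate CSR" on the FMC produces), have a constructed stand-in CA sign it, and then run the checks a practitioner would want before importing the result into the FMC: whether the certificate is self-signed (Issuer equal to Subject, the thing the poster noticed), whether the signed certificate actually belongs to the key behind the CSR, and whether it chains to the CA certificate that will be imported alongside it. The subject names, the test CA, and all file names are constructed assumptions.

```shell
#!/bin/sh
# Added example (not Cisco's code): walk the CSR -> CA -> import steps with
# openssl in a scratch directory so each artifact can be checked before import.
set -eu
WORK=$(mktemp -d)

# 1. Key + CSR. Subject values are constructed; on a real headend use the
#    FQDN that remote-access clients connect to.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/ftd.key" -out "$WORK/ftd.csr" \
    -subj "/CN=vpn.example.test/O=Constructed Example" >/dev/null 2>&1
  echo "$WORK/ftd.csr"
}

# 2a. Constructed stand-in for the CA: signs the CSR and returns an identity
#     certificate whose Issuer differs from its Subject.
sign_with_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    -subj "/CN=Constructed Test CA" >/dev/null 2>&1
  openssl x509 -req -in "$1" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$WORK/ftd.crt" >/dev/null 2>&1
  echo "$WORK/ftd.crt"
}

# 2b. The self-signed alternative the thread advises against: Issuer == Subject.
make_self_signed() {
  openssl x509 -req -in "$1" -signkey "$WORK/ftd.key" -days 30 \
    -out "$WORK/self.crt" >/dev/null 2>&1
  echo "$WORK/self.crt"
}

# Check A: self-signed or CA-signed? Compare Issuer and Subject as printed.
signer_kind() {
  subj=$(openssl x509 -in "$1" -noout -subject); subj=${subj#subject=}
  iss=$(openssl x509 -in "$1" -noout -issuer);   iss=${iss#issuer=}
  if [ "$subj" = "$iss" ]; then echo self-signed; else echo ca-signed; fi
}

# Check B: does the certificate the CA returned carry the public key of the
# private key the CSR was generated from? A certificate for any other key is
# useless to this trustpoint. Compare public-key digests.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl dgst -sha256)
  c=$(openssl x509 -in "$2" -noout -pubkey | openssl dgst -sha256)
  [ "$k" = "$c" ]
}

# Check C: does the identity certificate chain to the CA certificate you are
# about to import as the trustpoint's CA certificate?
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

CSR=$(make_csr)
CA_CERT=$(sign_with_ca "$CSR")
SELF_CERT=$(make_self_signed "$CSR")
echo "CA-issued certificate:  $(signer_kind "$CA_CERT")"
echo "Self-signed certificate: $(signer_kind "$SELF_CERT")"
```

Run it as-is to see the two classifications; to inspect a certificate a real CA returned, point `signer_kind`, `key_matches_cert` and `chains_to_ca` at that PEM file, the key file behind the CSR, and the CA's certificate. Check B is the one worth running every time: the CA's response is easy to mix up with an older certificate for a previous key.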

Yes, understood about not using self-signed. Yes, authentication and remote access would be the case.
