Solved: Renew Certificate on FTD Managed by FMC - Page 2

mumbles202 · ‎02-28-2024

I have a certificate that is expiring next week. I following this article:

Install and Renew Certificates on FTD Managed by FMC - Cisco

for a Manual renewal. I got the CSR and the new certificate, but before I was able to import it into the FMC GUI it timed. Now when I go into the FMC GUI and go to Device --> Certificates I see the error "old certificate available, re-enroll is in progress. manual refresh required". It appears to be a clickable link, but nothing happens when I click it. I can try to regenerate another CSR and start the process all over again, but wondering if there is a way to get this corrected w/o doing that. I don't see an option like I'd see in an ASA to get the certificate imported to match the CSR.

mumbles202 · ‎03-04-2024

Thanks for that. Is there a way to get the private key from the FMC/FTD? If not I can just create a CSR and private key using OpenSSL and get a new cert issued and then create a pkcs12 file.

mumbles202 · ‎03-05-2024

Thanks for the help on this one. The first time I tried adding the pkcs12 file to the FTD it failed (added it under Objects --> PKI first, then under Devices --> Certificates), but when I went directly to Devices --> Certificates and then added it directly it went through and I was able to confirm it's being presented properly in a browser.