How to renew the SAML certificate on Firebox (on-prem) for SSL VPN?
Hello,
I want to renew the SAML certificate on our Firebox, but I can't find any option to replace the X509 certificate for SAML. Please help.
Thanks a lot.
Comments
Hi @masterofdebian
If there is no option to renew it, erasing the certificate and rebooting the firewall should force it to regenerate on bootup.
You can see the certs in Firebox System Manager under View -> Certificates, or in WebUI under System -> Certificates.
Manage Certificates:
WatchGuard System Manager: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/cert_manage_with_fsm_wsm.html
WebUI: https://www.watchguard.com/help/docs/help-center/en-US/content/en-US/Fireware/certificates/cert_manage_with_webui_web.html
Cloud Managed: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/certificates_manage.html
-James Carson
WatchGuard Customer Support
Hello James,
We have a Firebox cluster with a master and a backup master. Do I need to break the cluster apart before rebooting a member?
Thanks a lot
Hi James,
Another idea: what if I deactivate SAML authentication first and then enable it again? Will the Firebox generate a new certificate for SAML?
Thanks!
Hi @masterofdebian, the certs should sync. You can use the CLI command cluster sync certificates if you'd like to force it, or if it's not happening quickly enough.
-James Carson
WatchGuard Customer Support