Pre-requisites
- FMOS version is between 8.15.x and 8.20.x
- The FireMon server has been running a version in the above range for less than 1 year.
About the internal certificates used for the FMOS ecosystem
- All certificates expire one year from the date of install.
- FMOS runs a specific health check on the status of certificates. Its alerts are displayed on the Server Control Panel dashboard, or in the CLI when running fmos health -d.
- The ability to resolve certificate issues is dependent on 8.21, so it is critical that you migrate to 8.21 before the one-year anniversary of your original install.
- The information below applies to a distributed (AS and DB separate) environment, but if you have a combo (AS+DB) server, the steps to renew certificates are the same as the steps in the How to Solve on DB section.
How to Solve on DB
Within 30 days of the certificate expiring, customers must be updated to 8.21.x or newer and run one of the following to renew the certificates:
- fmos redeploy
- fmos update
When FMOS identifies that certificates are within 30 days of expiring and one of these two operations takes place, it automatically renews the certificates for another year.
How to Solve on AS
Renew on DB:
Within 30 days of the certificate expiring, customers must be updated to 8.21.x or newer. After the DB has had its certificates renewed, run the following command: fmos ecosystem refresh
This requests new certificates from the DB, which are then valid for another year.
If Certificates have Already Expired
Immediately create a support ticket to resolve.