Situation: The client has been using self-assigned certificate. They just imported third party certificate.
However, it doesn’t work. It still shows using self-assigned certificate.
Troubleshooting: You need to add the new certificate to SSL/TLS Service Profile. SSL/TLS Service Profile>SSL Profile.
In Certificate select the new certificate you just imported.
It should look like this:
PA Support summery
1. We discussed the issue, which is about the issue of importing the certificate into the passive firewall.
2. We checked that the passive firewall is out of sync.
3. We tried to sync but as it’s due to a certificate we could not sync it.
4. We exported the certificate from the active firewall using the passphrase.
5. We then imported the certificate into the passive firewall using the passphrase.
6. We then checked the firewall which was out of sync.
7. We then tried to sync but were not syncing.
8. We tried with management restart but could not sync again.
9. We then took the Active firewall running configuration.
10. We then imported and loaded the running configuration of the active firewall in passive.
11. We then did the commit after that we can see that the HA pair are in sync.