kyle-hsuan
New Contributor III

FortiWAN regenerate self-signed certificate

Hi,

My FortiWAN HTTPS certificate has expired, so I need to regenerate one, but I can't find a way in the Fortinet documentation.

If I regenerate the self-signed certificate, will service be affected?

Thanks.

Jean-Philippe_P
Moderator

Hello kyle-hsuan, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello kyle-hsuan,

 

Can you tell me if the following helps?

 

Regenerating a self-signed HTTPS certificate on your FortiWAN device can temporarily affect services that rely on that certificate. Here are a few points to consider:

 

  1. Service Interruption: During the regeneration process, there may be a brief interruption in the HTTPS service as the new certificate is applied. Users trying to access the service may encounter errors until the new certificate is fully in place.

  2. Trust Issues: If you are using a self-signed certificate, clients (browsers, applications) that connect to the service may not automatically trust the new certificate unless they have been configured to accept it. This can lead to warnings or errors for users.

  3. Update Configuration: After regenerating the certificate, ensure that any configurations that depend on the certificate are updated accordingly. This includes any client devices that need to trust the new certificate.

  4. Plan for Downtime: If possible, plan to regenerate the certificate during a maintenance window or a time of low usage to minimize the impact on users.

To minimize service disruption, it’s advisable to inform users ahead of time and ensure that all necessary configurations are in place before making the change.

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

To regenerate a self-signed HTTPS certificate on FortiWAN, you can follow these steps:

  1. Log in to the FortiWAN Web Interface: Open your web browser, enter the IP address of your FortiWAN device, and log in with your administrator credentials.

  2. Access the Certificates Section:

    • Navigate to the System menu.
    • Select Certificates or Certificate Management, depending on your version of FortiWAN.

  3. Delete the Existing Certificate (if necessary): If you want to replace the existing self-signed certificate, you may need to delete it first. Ensure you have a backup or that you are prepared to replace it.

  4. Generate a New Self-Signed HTTPS Certificate:

    • Look for an option like Create New or Generate.
    • Fill in the required fields, such as:
      • Common Name (CN): This is usually the domain name or IP address of your FortiWAN.
      • Organization: Your organization's name.
      • Validity Period: Set how long the certificate will be valid.
    • Save the new certificate.

  5. Apply the New Certificate:

    • Ensure that the new certificate is applied to the HTTPS service. This may involve selecting the new certificate in the HTTPS settings for the management interface.

  6. Test the Configuration: After regenerating the certificate, test to ensure that the HTTPS service is functioning correctly and that the new certificate is being recognized by browsers.

Jean-Philippe - Fortinet Community Team
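
One way to carry out the "Test the Configuration" step and the trust point raised in the replies above, added here as an example that is not part of the thread and not Fortinet tooling: it reports expiry status, the SHA-256 fingerprint, and whether subject equals issuer for a PEM certificate. The sample certificate is constructed locally with openssl; the name `fortiwan.example.test`, the port and the file paths are assumptions.

```shell
#!/bin/sh
# Added example: checks on the certificate a management interface presents.
# Host name, port and file paths are assumptions, not values from the thread.

# Save the certificate served on HOST:PORT as PEM (needs network access).
fetch_cert() {  # usage: fetch_cert HOST PORT OUTFILE
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Print "expired", "expiring" (within WARN_DAYS) or "ok" for a PEM file.
cert_status() {  # usage: cert_status PEMFILE WARN_DAYS
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return 1; }
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo expired
    elif ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null; then
        echo expiring
    else
        echo ok
    fi
}

# SHA-256 fingerprint: the value clients compare before trusting the new cert.
cert_fingerprint() {  # usage: cert_fingerprint PEMFILE
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Subject equal to issuer is how a self-signed certificate shows up.
is_self_signed() {  # usage: is_self_signed PEMFILE
    [ "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" = \
      "$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')" ]
}

# Constructed sample: a throwaway 30-day self-signed certificate standing in
# for the regenerated one, so the checks run without a device.
make_sample_cert() {  # usage: make_sample_cert OUTFILE
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=fortiwan.example.test" \
        -keyout "$1.key" -out "$1" 2>/dev/null && rm -f "$1.key"
}

pem=$(mktemp)
make_sample_cert "$pem"
echo "status:      $(cert_status "$pem" 7)"
echo "fingerprint: $(cert_fingerprint "$pem")"
if is_self_signed "$pem"; then echo "self-signed: yes"; else echo "self-signed: no"; fi
rm -f "$pem"
```

Against the device, call `fetch_cert` with the FortiWAN management address and port, then pass the saved PEM file to the same functions.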