Updated on 2024-11-29 GMT+08:00

Replacing the Certificate of a Customer Gateway

Scenario

When the CA certificate of a customer gateway that uses SM series cryptographic algorithms expires or becomes invalid, you need to replace the CA certificate.

After the CA certificate is replaced, the customer gateway needs to use the SM certificate issued based on the new CA certificate to renegotiate with the VPN gateway. Otherwise, VPN connections will be disconnected.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Click in the upper left corner of the page, and choose Networking > Virtual Private Network.
  4. In the navigation pane on the left, choose Virtual Private Network > Enterprise – Customer Gateways.
  5. On the Customer Gateways page, click the name of the target customer gateway.
  6. In the CA Certificate area, click Replace.
  7. Set parameters as prompted.

    Table 1 describes the parameters for replacing the CA certificate of a customer gateway.

    Table 1 Parameters for replacing the CA certificate of a customer gateway

    Parameter

    Description

    Example Value

    Upload a certificate

    CA certificate of the customer gateway.

    -----BEGIN CERTIFICATE-----

    CA certificate

    -----END CERTIFICATE-----

    Use an uploaded certificate

    Select an uploaded certificate. Pay attention to the time when the certificate will expire.

    -

  8. Select "I have read and understand the preceding risk, and would like to replace the CA certificate anyway." and click OK.