If a certificate expires, or soon will, you
can reset the validity period. If an external certificate authority
(CA) signed the certificate and the firewall uses the Online Certificate
Status Protocol (OCSP) to verify certificate revocation status,
the firewall uses the OCSP responder information to update the certificate
status (see
Configure
an OCSP Responder). If the firewall is the CA that issued
the certificate, the firewall replaces it with a new certificate
that has a different serial number but the same attributes as the
old certificate.