
Certificate could not be updated as it is already used by HTTP Based Policy

One of my certificates expired that's in use in several places.

When I go to edit the certificate and upload the new one, it fails with the following error at the top center of the screen:

Certificate could not be updated as it is already used by HTTP Based Policy

I can create a wholly new certificate, but that means updating a bunch of rules.

Is it not possible to replace an existing expired certificate?



  • I have the same issue. Anybody know the answer?

  • Unfortunately the answer seems to be no. Crossing fingers that the team at Sophos soon realize what a terrible design this is.

     

    My workaround for this has been to use the API to perform the following steps:

    1. Install a new certificate
    2. For each object type where a certificate may be used:
      1. get current settings (which is based on XML)
      2. modify XML so it refers to the new certificate
      3. post new settings
    3. Delete old certificate

     

    -Trond
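
Steps 2.1 to 2.3 of the workaround above, sketched as an added example that is not part of the original post and is not Sophos code: given the XML returned for one object type, it rewrites only exact references to the old certificate and builds the update request to post back. The entity name `ExamplePolicy`, the element names, the certificate names and the `<Set operation="update">` wrapper (with the login section left out) are assumptions; take the real ones from the XML your firewall returns.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed sample of a "get current settings" response for one object
# type. Entity and element names are hypothetical placeholders.
SAMPLE_GET_RESPONSE = """<Response>
  <ExamplePolicy>
    <Name>intranet</Name>
    <Certificate>wildcard-2023</Certificate>
  </ExamplePolicy>
  <ExamplePolicy>
    <Name>public-site</Name>
    <Certificate>other-cert</Certificate>
  </ExamplePolicy>
</Response>"""


def retarget_certificate(response_xml, entity, old_cert, new_cert):
    """Return (update_request_xml, changed_object_names).

    Only elements whose whole text equals old_cert are rewritten, so a
    value that merely contains the old name is left alone. The object's
    own Name element is never touched.
    """
    root = ET.fromstring(response_xml)
    request = ET.Element("Request")
    # Assumed wrapper for an update call; authentication is omitted here.
    set_op = ET.SubElement(request, "Set", {"operation": "update"})
    changed = []
    for obj in root.iter(entity):
        updated = copy.deepcopy(obj)  # keep the fetched settings intact
        name_el = updated.find("Name")
        hits = [e for e in updated.iter()
                if e is not name_el and (e.text or "").strip() == old_cert]
        if not hits:
            continue  # this object does not use the old certificate
        for e in hits:
            e.text = new_cert
        set_op.append(updated)
        changed.append(updated.findtext("Name"))
    return ET.tostring(request, encoding="unicode"), changed
```

Review the returned list of changed objects before posting anything, and delete the old certificate only once that list is empty for every object type.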

  • Hi Trond,
     
    Sorry for butting in on another thread, but your suggestion sounds very similar to what I'm trying to achieve. I'm struggling with the certificate upload (via API), however. I've posted my own question about this here. If you find yourself with a few minutes spare to point me in the right direction it would be much appreciated.
     
    Thanks,
    Andrew
  • Hi,

    I have a similar issue, but I've stopped HTTPS Scanning, went back to the ApplianceCertificate, and made sure in SSL VPN Settings I'm back to the ApplianceCertificate. I'm quite sure I'm NOT using the certificate in question in any other place. Issue is, I'm trying to RENEW and keep getting the above message. Am I missing something?