What are the ramifications of renewing a wildcard SSL certificate on a UTM 9

Question

I have a wildcard SSL cert being used on at least one of my UTM 9s that will expire next month. I am looking at the cert in Webserver Protection > Certificate Management and my only option is to delete it. When I look at where used I see ...

Used in these configurations:

Management &rarr; WebAdmin Settings &rarr; HTTPS Certificate

Remote Access &rarr; Cisco&trade; VPN Client &rarr; Global

Used by these objects:

01) 
 Webserver Protection &rarr; Web Application Firewall &rarr; Virtual Webservers &rarr; Web Store

This object is unused.

02) 
 Remote Access &rarr; Cisco&trade; VPN Client &rarr; Global &rarr; for VPN Users to CDE (Network)

Remote Access &rarr; Cisco&trade; VPN Client &rarr; Global

We do not use the Cisco VPN client anywhere but my concern would be SSL Client remote access (which I assume uses their own individual SSL certificates generated when they were provisioned). 
 So a couple of questions. 
 
 What is the least disruptive way to renew my wildcard certificate? 
 What might break after the renewal? 
 
 Note that this is a simple renewal - no new CSR and nothing being rekeyed.

BAlfson · Answer

Hey back, Kip! 
 1. & 2. - Correct 
 3. User Portal and WebAdmin use the same cert. If you have the expiring cert selected on the 'HTTPS Certificate' tab, selecting the new cert there solves the problem for both. 
 4. Yes, I see that now. 
 5. Again, just select the new cert in "Webstore." 
 A PKCS#12 includes the cert and the CA, in the UTM, a PEM can include only one. You might be able to upload only the cert PEM if the new cert uses the same CA as the expiring one. I'm not familiar with HAProxy, but it sounds like it handles uploading certs in a different way. Concatenating cert, intermediate CA, CA and private key is done before using OpenSSL to create a PKCS#12 file that the UTM can upload. 
 Cheers - Bob