If I have a PA configured with a Self Signed SSL certificate for Global Protect use, SSL/TLS profile for GP, and that certificate is about to expire.
All the workstations that have the global protect client, have the certificate installed, so that it is recognized as a trusted entity, in the computers (since it is self-signed by the same PA).
Now if I renew that certificate in the Palo Alto Networks Firewall, will I have to download and reinstall that certificate on each workstation? In theory I think that if the certificate will change, that is to say it will be renewed and extended its duration, therefore when the expiration date of the certificate that the users already have installed to validate the SSL/CA selfsigned certificate of the PA arrives, it will not allow them to connect.
Please your comments, suggestions, tips regarding the above.