If an expired certificate is used for HTTPs, administrators can't be assured of the connection security. The sessions could be compromised including being subject to a MITM (man-in-the-middle) attack. The SFOS offers a selection of automatic update intervals.
If a CA expires or is compromised, your firewall can regenerate it. To regenerate a CA, do as follows:
- Go to Certificates > Certificate authorities.
- To regenerate the default certificate, go to the Manage column and click Regenerate certificate.