You can re-generate the VPN Signing CA that was created during the initial setup of the unit. The VPN Signing CA is the certificate authority with which digital certificates are signed that are used for remote access and site-to-site VPN connections. The old VPN signing CA will be kept as verification CA.

Re-generate Signing CA

You can renew all user certificates using the current signing CA. This becomes relevant once you have installed an alternative VPN Signing CA on the Certificate Authority tab.

Caution –Sophos UTM on AWS and all user certificates will be re-generated using the new signing CA. This will break certificate-based site-to-site and remote access VPN connections.