SafeGuard Enterprise Management Center: How to renew a self-signed certificate

  • Article ID: 111951
  • Updated: 06 Apr 2016

This article provides information on how to renew a self-signed user certificate (created by SafeGuard Enterprise) that is about to expire.

In SafeGuard Enterprise, user certificates are valid for five years by default (this value can be modified). As soon as the certificate expires, an authentication of that user at the POA will not be possible anymore and requires a Challenge/Response at every boot.

To circumvent this, a certificate renewal must be triggered in the SafeGuard Enterprise Management Center.

Applies to the following Sophos product(s) and version(s)
SafeGuard Management Center / Local Policy Editor


What to do

  1. In the SafeGuard Enterprise Management Center:
    • Select “Keys and Certificates” | “Certificates” |“Assigned certificates”.
    • Select the required user certificate and trigger a renewal of the certificates by ticking the check box in the “Renew” column.
    • Save the changes.

  2. On the Client:
    • User's certificate will be renewed when they next log into the SafeGuard Enterprise client machine.
      • The user's certificate will renew once the client communicates successfully to the SafeGuard Enterprise Server. A notification from the SafeGuard System Tray icon will pop up informing them that the process completed successfully.


To verify that the renew process was successful, you can go to the SafeGuard Enterprise Management Center under “Keys and Certificates” | “Certificates” |“Assigned certificates” and see the new date set in the "Expires" column.  

You can also see this new date set from the client by "Right Clicking" on the SafeGuard System Tray icon and selecting "Display" | "User certificate...".

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent