SafeGuard Enterprise Management Center: How to renew a self-signed certificate

  • Article ID: 111951
  • Updated: 13 Apr 2015

This article provides information on how to renew a self-signed user certificate (created by SafeGuard Enterprise) that is about to expire.

In SafeGuard Enterprise, user certificates are valid for five years by default (this value can be modified). As soon as the certificate expires, an authentication of that user at the POA will not be possible anymore and requires a Challenge/Response at every boot.

To circumvent this, a certificate renewal must be triggered in the SafeGuard Enterprise Management Center.

Applies to the following Sophos product(s) and version(s)
SafeGuard Management Center / Local Policy Editor


What to do

  1. In the SafeGuard Enterprise Management Center:
    • Select “Keys and Certificates” | “Certificates” |“Assigned certificates”.
    • Select the required user certificate and trigger a renewal of the certificates by ticking the checkbox in the “Renew” column.
    • Save the changes.

  2. On the Client:
    • User's certificate will be renewed when they next logon to the SafeGuard Enterprise client machine.
      • The user's certificate will renew once the client communicates to the SafeGuard Enterprise Server and a notification from the SafeGuard System Tray icon will popup to let them know the process completed successfully.


To verify that the renew process was successful you can go to the SafeGuard Enterprise Management Center under “Keys and Certificates” | “Certificates” |“Assigned certificates” and see the new date set in the "Expires" column.  

You can also see this new date set from the client by "Right Clicking" on the SafeGuard System Tray icon and selecting "Display" | "User certificate...".

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent