Go to LCSOMGMT02 and open Certify The Web


Select gp.lcso.org and click Request Certificate




Certificate files will be saved to C:\Tools\Certificate Output



Open and sign in to Panorama on your computer


Navigate to Device (on the top) > Certificates (on the left)


Verify that you are on the global template



Click Import on the bottom of the page


Import the .pfx file first


Certificate name: LE GP <Date of renewal (Ex: 08_28_2025)>

File Format: Encrypted Private Key and Certificate (PKCS12)

Certificate File: <Path to .pfx file>(can be a network path like \\lcsomgmt02\c$\Tools\Certificate Output)

Passphrase: Can be found in Keeper under "Certify the Web PW"




*****************************************************************************************************************

LetsEncrypt uses a pool of CA's that are chosen at random when you generate a cert. If the certificate you imported ends up underneath the existing LetsEncrypt Root certificate and that cert is not due to expire, you do not need to import the .pem file


Example: 

Same Root:

LetsEncrypt Root 

          LetsEncrypt GP Base <Old Date>

          LetsEncrypt GP Base <New Date>


Different Root:

LetsEncrypt Root

          LetsEncrypt GP Base <Old Date>

LetsEncrypt GP Base <New Date>

*****************************************************************************************************************

Import the .pfx file if needed


Certificate name: LE GP Root <Date of renewal>

File Format: Encryped Private Key and Certificate (PKCS12)

Certificate File: <Path to .pfx file (use this path to find it: \\lcsomgmt02\c$\Tools\Certificate Output)>

Passphrase: Can be found in Keeper under "Certify the Web PW"




----------------------------------------------------------------------------------------------------------------------------------------------------


On the left-hand side, go to SSL/TLS Service Profile


Two templates need to be updated: ECOCPA1410HA_pair_stack and SABPA460_Stack. Change this in the template dropdown menu.


For each of these templates:


Click the blue text in the Name column


In the Certificate dropdown, select the cert you just imported



Commit and Push the changes. Verify nothing breaks by going to gp.lcso.org and checking it's certificate, it may take a minute to update it.


woo