Renewal of Custom AnyConnect Client VPN certificate in China Organization

Solved
Henning_E
New here

Hello,

we created a Chinese Meraki Dashboard account for our Chinese factory a few weeks ago, and after moving the devices and licenses to the CN account as well as rebuilding the config from the global dashboard, we realized that AnyConnect Client VPN is not working anymore.

After some research I read in the Meraki documentation that the "auto-generated" certificate for AnyConnect Client VPN is not supported in the China dashboard.

So we chose the "Custom" option, generated a CSR in the MX dashboard, got it signed by our CA partner, and uploaded the certificate to the dashboard. So AnyConnect is working again by now.

BUT, we just went with a testing certificate which is only valid for 30 days, since we had problems getting the Dashboard to accept the certificate in the first place.

So now I want to renew the certificate with a real certificate.

Question:

How do I handle this with minimal impact for end users?

If I generate a new CSR on the Meraki Dashboard, will the existing one be wiped right away, or will it happen when I hit "save"?

I want to keep the time window between generating the CSR and our CA getting back to us with the new certificate as low as possible.

Appreciate your feedback and experiences with this topic.

Thanks for your help, kind regards

Henning

1 Accepted Solution
alemabrahao
Kind of a big deal

Generating a new CSR will not immediately invalidate the currently uploaded certificate.

The currently active certificate remains in use until you upload a new one and click Save.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

2 Replies
Henning_E
New here

Ok, thanks for the help. So I just generated a new CSR and downloaded it, without the current setup being impacted. Thanks for the clarification.