[rhmeyering]

m.schmidt-

Ok, so the VPN Certificate has expired, not the ICA certificate.

Is the certificate used to authenticate VPN Tunnels with any Gateways you do not manage (e.g External Partner, using Certs not pre-shared secrets)?

The remove, delete and create process should work find since you are not going to actually install policy untile the process is completed. As always, make a backup and db revision of your config before performing a process of the nature.

You won't have to destroy your VPN communities, but to delete the VPN Certificate the GW with the CERT has to be removed from the communities before you can delete the CERT itself. Then click [ok] , edit the GW again and create a new CERT, add the GW back to the community and install policy.

Everything should be fine.

SR/SC users will have to update their site inorder to fetch the new VPN CERT.