install a Certificate for IPSec VPN
Hi All,
Is it possible to install a public certificate for IPSec VPN without creating a TrustCA or CSR?
Suppose that I already have a public certificate vpn.domain.com, I just want to install it...
Finally, you have to generate a CSR if you import it...
I now have a certificate, I just want to replace the default certificate.
Hello,
I'm wondering the same as @Alex_Wu. In my case I'm replacing an old Cluster with new gateway models, so I need to import the IPSec VPN Certificate which resides in the SMS, but there is no option to import the certificate to the new Cluster. If you click "Add" it takes you to generate the CSR, but I already have the signed certificate, you need to import it.
Thank you.
Hello,
I'm wondering the same as @Alex_Wu. In my case I'm replacing an old Cluster with new gateway models, so I need to import the IPSec VPN Certificate which resides in the SMS, but there is no option to import the certificate to the new Cluster. If you click "Add" it takes you to generate the CSR, but I already have the signed certificate, I just need to import it. Is there a way to do this?
Thank you.
If you are about to replace the cluster members in an existing cluster, you will only remove the old device from the cluster and initiate SIC with the new member; the policy for the cluster stays the same and the same certificate will be installed on the new device. If you create a new cluster with the new devices, you must have the certificate to import it to the new cluster.
I have a new Cluster because the new models (6600) and the old models (4800) are different in hardware and software, also
Indeed I have the certificate, which I can export from the SMS, but there is no option to import the certificate to the new Cluster. If you click "Add" it takes you to generate the CSR, but I already have the signed certificate.
If both the old and new gateways are managed by the same management, there is no need to do this as new certificates will be generated and automatically trusted.
Any third party will validate the certificate is valid through the certificate authority.
So I’m not sure why this is necessary.
Hello and thank you for your support.
Yes, both are managed by the same management, but the certificate is from an external CA (Digicert). Let me show you some images for better explanation:
This is the current Cluster which I need to replace; it has the certificate signed by the Digicert CA.
Now, this is the new Cluster which I'm preparing for migration, so I need to ensure it has the same certificate as the current Cluster. I know I can export the certificate from the SMS with the export_p12 command, but there is no option to import such a certificate in the Cluster properties:
If I click "Add" this takes me to generate the CSR, but this process was done in the past when creating the certificate for the current cluster.
So, my question is whether there is a method to import the certificate directly, or whether I need to do the signing process again.
Thank you in advance for your help.
Thanks for the screenshots, this helps a lot.
In this case, you must generate a new certificate via a Certificate Signing Request as we do not support importing private keys for VPN usage.
I suspect we don't allow this to maintain the security of the private key.
