Unable to update Appliance certificate.

Hello tomrgsd ,

Thank you for reaching out to the community, the error "you must enter a Network IP Address." can be rectified with the new change in the SSL VPN  "IPv4 lease range" please refer the Doc here - SSL VPN "IPv4 lease range" changes OR global settings update gives error "You must enter a network IP address." in SFOS v19. 

Once that is reflected, you can select temporary holder and check.

That corrected the issue about the network IP address, but now it says I can't update the certificate because it is in use for the admin port settings. 
Why Can't I just update the certificate and everything that uses it use the updated certificate get updated by the system. If it already knows what I'm using it for, let me update it and then Sophos update everywhere it needs that is currently using it.

That corrected the issue about the network IP address, but now it says I can't update the certificate because it is in use for the admin port settings. 
Why Can't I just update the certificate and everything that uses it use the updated certificate get updated by the system. If it already knows what I'm using it for, let me update it and then Sophos update everywhere it needs that is currently using it.

Well that is architectural design, as of now you navigate  to Administration > Admin and user settings > Admin console and end-user interaction, here you can select you can select temporary holder and check again.



Apart from this, another workaround is to use API, with the following steps below:

1. Install a new certificate
2. For each object type where a certificate may be used:
   1. get current settings (which is based on XML)
   2. modify XML so it refers to the new certificate
   3. post new settings
3. Delete old certificate