If your Intune TLS certificate is expiring, as you can see here, with under 30 days left......
You will need to renew it for the tunnel to keep working. To do that you need a new external certificate from your certificate authority. The process is different for each customer, but it will involve creating a CSR and giving that to the external provider, who gives you back a certificate in the format .cer.
When you get this response back you will need to marry up the CER with the private key, which does not leave the machine you generated it on. For this to work you need the PFX file with both the public and the private keys; below is my file for this service.
This will have a password when you export it, which you will need to know later on. Now you need to get this file to the Linux servers, if you have more than one. I would use WinSCP for the file transfer, then PuTTY for the commands, but it is your choice how you do this.
Check server is Healthy
First, it's best to check that the tunnel server is healthy before updating it. I do this using PuTTY from the local login, so once you have connected to the server using PuTTY, run this command:
mst-cli server status
This should return that all is well, and it should be running and healthy like this:
If it is not all fine, then fix those issues before you update the TLS certificate, unless the issue is that it has expired!
WinSCP for file transfer
Start up WinSCP and, in the main connection dialogue, set the connection to SFTP, then enter the hostname of the server and the username, as you can see here......
You will need to know the password. Enter it in the password field, then once connected navigate to the directory:
/etc/mstunnel/private
Save the PFX file on the local computer where you are running WinSCP, in a folder of your choice; for this example I will use "c:\temp\data". Ensure you call this file "site.pfx" in this folder, as originally, from above, it is called "cert.pfx".
In the left side of WinSCP navigate to the folder c:\temp\data where the PFX file is located; it should then look like this......
Once you have renamed the existing site.pfx on the right side to "oldsite.pfx", take the file called site.pfx on the left side and drag and drop it to the right side; this will copy it to the remote server in the correct folder.
Right, head back to the PuTTY session you had when you checked the health of the server and then run these commands:
mst-cli import_cert
mst-cli server restart
mst-cli server status
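An optional pre-flight check to run on the server before mst-cli import_cert, added here as an example and not part of the original post: it confirms that site.pfx opens with the export password, contains a private key that matches the certificate, and has more than 30 days left. It assumes openssl is installed and that the password is supplied in an environment variable named PFX_PASS (a name chosen for this example).

```bash
#!/bin/sh
# Added example (not from the original post): pre-flight check for site.pfx
# before running "mst-cli import_cert".
# Assumptions: openssl is installed, and the export password is passed in the
# PFX_PASS environment variable (a name chosen for this example).

# check_pfx FILE [MIN_DAYS]
# Returns 0 = ready to import
#         1 = cannot open (wrong password or not a PFX)
#         2 = private key missing, or it does not match the certificate
#         3 = certificate expires within MIN_DAYS (default 30)
check_pfx() {
    pfx=$1
    min_days=${2:-30}

    # Verify the password / MAC without printing any key or certificate.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -noout 2>/dev/null || return 1

    # Derive the public key from the private key inside a pipe, so the
    # unencrypted private key is never written to disk.
    key_pub=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null) || return 2

    # Leaf certificate only (-clcerts), i.e. the one tied to the private key.
    cert=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) || return 2
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) || return 2

    # The CER and the private key were "married up" correctly only if the
    # two public keys are identical.
    [ "$cert_pub" = "$key_pub" ] || return 2

    # -checkend exits non-zero if the certificate expires within N seconds.
    printf '%s\n' "$cert" \
        | openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null || return 3
    return 0
}

# Stand-alone use: PFX_PASS='...' sh check_pfx.sh /etc/mstunnel/private/site.pfx
if [ "$#" -gt 0 ]; then
    check_pfx "$@"
fi
```

Supplying the password through the environment keeps it out of the process list, which a pass: argument on the command line would not.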
Verify with the website
Then in the main "health view" the TLS certificate should be all good once again......