topic Re: Cert Delete and Created new devicecert in Next-Generation Firewall Discussions

Cert Delete and Created new devicecert

Gun-Slinger — Tue, 06 Sep 2022 13:09:25 GMT

Anyone run into this?

We discovered around 0400 AM (outside business hours so no admins online) the following logs generated. They appear system generated as if the device is regenerating a cert. Problem is, it doesn't match the dates on the device certificate that is normally generated under the device tab and PAN has zero documentation to tell us if this is normal behavior.

Re: Cert Delete and Created new devicecert

S.Cantwell — Thu, 08 Sep 2022 22:42:35 GMT

Hello, this is normal to see a device cert get regenerated. It will do this every 90 days more or less.

Re: Cert Delete and Created new devicecert

Gun-Slinger — Fri, 09 Sep 2022 11:57:53 GMT

We contacted TAC to get clarity on this issue and here is the answer received:

This is a new feature in 10.1.

The firewall certificate is valid for 3 Months.

2 Weeks prior to expiration, the firewall will:
-Create a new CSR and send this to panorama for signing
-Panorama will sign this CSR and return, signed cert, device CA cert, SNI to use for this new certificate
-Switches the connection to new Cert on the next connect

Re: Cert Delete and Created new devicecert

Puvi12 — Thu, 03 Nov 2022 06:26:47 GMT

We're noticing similar issue on Panorama where there is no certificate creation however getting the high severity alert on the cert delete.

is there anyway to stop this high severity cert delete alert?