topic Device Certificate fetch pending in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/device-certificate-fetch-pending/m-p/1247822#M6676 <P>On a Palo Alto Networks PA-3410, I ran the following command:</P> <P>request certificate fetch otp &lt;otp_value&gt;</P> <P>&nbsp;</P> <P>But, the job is created but remains Pending (0%) and never completes, even after multiple retries.<BR data-start="367" data-end="370" />Currently, the device certificate status is still none.&nbsp;</P> <P>&nbsp;</P> <P>with the job status as follows:</P> <P><EM>2026/02/09 21:20:59 21:20:59 33870 Device-certificate-fetch ACT PEND 0%</EM><BR /><EM>2026/02/09 14:07:16 14:07:16 33780 Device-certificate-fetch ACT PEND 0%</EM><BR /><EM>2026/02/08 13:04:23 13:04:23 33477 Device-certificate-fetch ACT PEND 0%</EM><BR /><EM>2026/02/07 14:55:48 14:55:48 33208 Device-certificate-fetch ACT PEND 0%</EM><BR /><EM>2026/02/07 13:58:03 13:58:03 33193 Device-certificate-fetch ACT PEND 0%</EM><BR /><EM>2026/02/07 13:07:52 13:07:52 33180 Device-certificate-fetch ACT PEND 0%</EM></P> <P>&nbsp;</P> <P>Has anyone encountered this issue before?<BR data-start="474" data-end="477" />What was the solution to successfully complete the device certificate fetch?</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 10 Feb 2026 07:06:36 GMT F.Harits 2026-02-10T07:06:36Z Device Certificate fetch pending https://live.paloaltonetworks.com/t5/next-generation-firewall/device-certificate-fetch-pending/m-p/1247822#M6676 <P>On a Palo Alto Networks PA-3410, I ran the following command:</P> <P>request certificate fetch otp &lt;otp_value&gt;</P> <P>&nbsp;</P> <P>But, the job is created but remains Pending (0%) and never completes, even after multiple retries.<BR data-start="367" data-end="370" />Currently, the device certificate status is still none.&nbsp;</P> <P>&nbsp;</P> <P>with the job status as follows:</P> <P><EM>2026/02/09 21:20:59 21:20:59 33870 Device-certificate-fetch ACT PEND 0%</EM><BR /><EM>2026/02/09 14:07:16 14:07:16 33780 Device-certificate-fetch ACT PEND 0%</EM><BR /><EM>2026/02/08 13:04:23 13:04:23 33477 Device-certificate-fetch ACT PEND 0%</EM><BR /><EM>2026/02/07 14:55:48 14:55:48 33208 Device-certificate-fetch ACT PEND 0%</EM><BR /><EM>2026/02/07 13:58:03 13:58:03 33193 Device-certificate-fetch ACT PEND 0%</EM><BR /><EM>2026/02/07 13:07:52 13:07:52 33180 Device-certificate-fetch ACT PEND 0%</EM></P> <P>&nbsp;</P> <P>Has anyone encountered this issue before?<BR data-start="474" data-end="477" />What was the solution to successfully complete the device certificate fetch?</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 10 Feb 2026 07:06:36 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/device-certificate-fetch-pending/m-p/1247822#M6676 F.Harits 2026-02-10T07:06:36Z Re: Device Certificate fetch pending https://live.paloaltonetworks.com/t5/next-generation-firewall/device-certificate-fetch-pending/m-p/1247894#M6681 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1217703609">@F.Harits</a>&nbsp;,</P> <P>&nbsp;</P> <P>Open a TAC case.&nbsp; They will walk you through gaining root access (through challenge and response only available to TAC).&nbsp; They will run Python scripts to remove the invalid certificate and add a new one.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Tue, 10 Feb 2026 19:56:48 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/device-certificate-fetch-pending/m-p/1247894#M6681 TomYoung 2026-02-10T19:56:48Z