topic NGFW unable to fetch device certificate due to bug in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/ngfw-unable-to-fetch-device-certificate-due-to-bug/m-p/1252107#M6850 <P>Hi Team,<BR /><BR />In reference to&nbsp;PAN-313623 describes an issue on Palo Alto Networks firewalls with Trusted Platform Module (TPM), support where device certificate renewals, may fail due to a disk partition becoming full . <BR /><BR />This occurs because temporary .pub_pem files accumulate in the /opt/pancfg/mgmt/ssl/private/ directory and are not deleted during device certificate status checks, specifically when the show device-certificate status CLI command is executed .</P> <P><BR /><BR /></P> <P>The issue PAN-313623 has been addressed and fixed in various PAN-OS versions, including:</P> <P>PAN-OS 11.1.6-h29</P> <P>PAN-OS 11.1.10-h21</P> <P>PAN-OS 11.1.13-h3</P> <P>PAN-OS 11.2.7-h12</P> <P>PAN-OS 11.2.10-h5</P> <P>PAN-OS 11.2.11</P> <P><BR />For PAN-OS 12.1.x, PAN-313623 is still listed as a known issue in versions 12.1.3, 12.1.4, 12.1.5, and 12.1.6.<BR /><BR />My client is at 12.1.6 and needs information about the fix version and when it will be available. As far as now is to reboot NGFW in orden to cleanup this directory and refetech device certificate again.</P> Mon, 13 Apr 2026 14:27:43 GMT P.RuizLopez 2026-04-13T14:27:43Z NGFW unable to fetch device certificate due to bug https://live.paloaltonetworks.com/t5/next-generation-firewall/ngfw-unable-to-fetch-device-certificate-due-to-bug/m-p/1252107#M6850 <P>Hi Team,<BR /><BR />In reference to&nbsp;PAN-313623 describes an issue on Palo Alto Networks firewalls with Trusted Platform Module (TPM), support where device certificate renewals, may fail due to a disk partition becoming full . <BR /><BR />This occurs because temporary .pub_pem files accumulate in the /opt/pancfg/mgmt/ssl/private/ directory and are not deleted during device certificate status checks, specifically when the show device-certificate status CLI command is executed .</P> <P><BR /><BR /></P> <P>The issue PAN-313623 has been addressed and fixed in various PAN-OS versions, including:</P> <P>PAN-OS 11.1.6-h29</P> <P>PAN-OS 11.1.10-h21</P> <P>PAN-OS 11.1.13-h3</P> <P>PAN-OS 11.2.7-h12</P> <P>PAN-OS 11.2.10-h5</P> <P>PAN-OS 11.2.11</P> <P><BR />For PAN-OS 12.1.x, PAN-313623 is still listed as a known issue in versions 12.1.3, 12.1.4, 12.1.5, and 12.1.6.<BR /><BR />My client is at 12.1.6 and needs information about the fix version and when it will be available. As far as now is to reboot NGFW in orden to cleanup this directory and refetech device certificate again.</P> Mon, 13 Apr 2026 14:27:43 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/ngfw-unable-to-fetch-device-certificate-due-to-bug/m-p/1252107#M6850 P.RuizLopez 2026-04-13T14:27:43Z Re: NGFW unable to fetch device certificate due to bug https://live.paloaltonetworks.com/t5/next-generation-firewall/ngfw-unable-to-fetch-device-certificate-due-to-bug/m-p/1253567#M6906 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/444912017">@P.RuizLopez</a>&nbsp;,</P> <P>&nbsp;</P> <P>At this time, I do not see a public 12.1.x fixed version listed for PAN-313623. Since the customer needs a fix version/ETA, I would recommend opening a TAC case.&nbsp;</P> Thu, 07 May 2026 01:42:48 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/ngfw-unable-to-fetch-device-certificate-due-to-bug/m-p/1253567#M6906 JayGolf 2026-05-07T01:42:48Z