topic unable to change the web-gui certificate in General Topics

unable to change the web-gui certificate

LCMember4717 — Sun, 17 Nov 2013 18:21:12 GMT

hi ,

recently i wanted to changed the web-gui certificate i followed the procedure on how to create a certificate in openssl ( for panos 4.x) the certificate created successfully. i event imported into the appliance but whenever i click on the checkbox Certificate for Secure Web GUI i receive the following error system -> web-server-certificate 'cert' is not a valid reference, do i have to upload the main CA cert before uploading the certificate i created ?...

appreciate the help.

Re: unable to change the web-gui certificate

kadak — Mon, 18 Nov 2013 19:25:58 GMT

Hello Fahad,

You may want to ensure that they imported both keys. If you just imported the public key (certificate) it won't work. We need the private key to be able to be able to encrypt outbound data. Verify that the certificate you are importing is of the same key length/type and has the similar hash algorithm to the one generated by the firewall.

The certificate should be RSA 2048 with SHA1 hash. The firewall generates certificates with usage as: Digital Signature, Key Encipherment, Key Agreement, Certificate Signing, Off-line CRL Signing, CRL Signing (ae)

Hope that helps!

Thanks and regards,

Kunal Adak

Re: unable to change the web-gui certificate

JimS2 — Sat, 14 Dec 2013 01:00:16 GMT

You will need the root certificate. You can export this from SSL, it will only be the public key but that is ok, import it into the Palo Alto and mark it as a trusted root ca.