https://live.paloaltonetworks.com/t5/general-topics/certificate-expiry/m-p/589968#M117560 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/249853">@Sanjay_Ramaiah</a> ,</P> <P>&nbsp;</P> <P>I don't see any attached error.&nbsp; Could you provide more info ?</P> <P>&nbsp;</P> <P><SPAN>Steps to import a new Azure SAML certificate </SPAN></P> <P>&nbsp;</P> <P><SPAN>Step 1 - Add a CA-Issued certificate as IdP Certificate on Azure AD </SPAN></P> <P>&nbsp;</P> <P><SPAN>Generate a certificate using your enterprise Certificate Authority. Follow instructions from Azure AD to add a new CA-issued certificate </SPAN><A style="box-sizing: border-box; background-color: #ffffff; color: var(--lwc-brandtextlink,#0176d3); text-decoration: none; transition: color 0.1s linear 0s; cursor: pointer; font-family: Arial, Helvetica, sans-serif; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-line;" href="https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-certificates-for-federated-single-sign-on#create-a-new-certificate" target="_blank" rel="noopener" data-aura-rendered-by="114:75291;a">https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-certificates-for-federated-single-sign-on#create-a-new-certificate</A><SPAN>. </SPAN></P> <P><SPAN>Please delete the old certificate before you export the IdP metadata to complete the next step. </SPAN></P> <P>&nbsp;</P> <P><SPAN>Step 2 - Import metadata and enable Validate Identity Provider Certificate on PAN-OS </SPAN></P> <P>&nbsp;</P> <P><SPAN>Ask your IdP administrator for IdP metadata. Import the IdP metadata into PAN-OS and/or Panorama and ensure that the Validate Identity Provider Certificate checkbox is enabled. Click OK. Create a Certificate Profile using the same CA certificate that has issued the IdPs certificate. Add the newly created IdP Server Profile and Certificate Profile to your SAML Authentication Profile. Commit the configuration to Panorama and/or the firewall.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Kind regards,</SPAN></P> <P><SPAN>-Kim.</SPAN></P> Thu, 20 Jun 2024 08:13:54 GMT kiwi 2024-06-20T08:13:54Z https://live.paloaltonetworks.com/t5/general-topics/certificate-expiry/m-p/589793#M117528 <P>Hi All,</P> <P>I am trying to import the Azure SAML certificate to use it in the&nbsp;<SPAN>Identity Provider Certificate as it is expiring this Thursday. But i am getting the attached error. Does it mean do i need to delete the existing one and then import it? I have the Pem format and Base64 format but error is same when i import. Certificate extention is .cer.</SPAN></P> <P>Am i making anything wrong here? GP authentication will stop on Thursday so need quick help on this please.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Sanjay S</P> Tue, 18 Jun 2024 12:46:47 GMT https://live.paloaltonetworks.com/t5/general-topics/certificate-expiry/m-p/589793#M117528 Sanjay_Ramaiah 2024-06-18T12:46:47Z https://live.paloaltonetworks.com/t5/general-topics/certificate-expiry/m-p/589968#M117560 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/249853">@Sanjay_Ramaiah</a> ,</P> <P>&nbsp;</P> <P>I don't see any attached error.&nbsp; Could you provide more info ?</P> <P>&nbsp;</P> <P><SPAN>Steps to import a new Azure SAML certificate </SPAN></P> <P>&nbsp;</P> <P><SPAN>Step 1 - Add a CA-Issued certificate as IdP Certificate on Azure AD </SPAN></P> <P>&nbsp;</P> <P><SPAN>Generate a certificate using your enterprise Certificate Authority. Follow instructions from Azure AD to add a new CA-issued certificate </SPAN><A style="box-sizing: border-box; background-color: #ffffff; color: var(--lwc-brandtextlink,#0176d3); text-decoration: none; transition: color 0.1s linear 0s; cursor: pointer; font-family: Arial, Helvetica, sans-serif; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: pre-line;" href="https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-certificates-for-federated-single-sign-on#create-a-new-certificate" target="_blank" rel="noopener" data-aura-rendered-by="114:75291;a">https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-certificates-for-federated-single-sign-on#create-a-new-certificate</A><SPAN>. </SPAN></P> <P><SPAN>Please delete the old certificate before you export the IdP metadata to complete the next step. </SPAN></P> <P>&nbsp;</P> <P><SPAN>Step 2 - Import metadata and enable Validate Identity Provider Certificate on PAN-OS </SPAN></P> <P>&nbsp;</P> <P><SPAN>Ask your IdP administrator for IdP metadata. Import the IdP metadata into PAN-OS and/or Panorama and ensure that the Validate Identity Provider Certificate checkbox is enabled. Click OK. Create a Certificate Profile using the same CA certificate that has issued the IdPs certificate. Add the newly created IdP Server Profile and Certificate Profile to your SAML Authentication Profile. Commit the configuration to Panorama and/or the firewall.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Kind regards,</SPAN></P> <P><SPAN>-Kim.</SPAN></P> Thu, 20 Jun 2024 08:13:54 GMT https://live.paloaltonetworks.com/t5/general-topics/certificate-expiry/m-p/589968#M117560 kiwi 2024-06-20T08:13:54Z