https://live.paloaltonetworks.com/t5/general-topics/certificate-expired-warning-in-deploy-but-all-certificates-are/m-p/996489#M122382 <P>The Sub CA Certificate of our old internal PKI expired a few days ago. It didn't have any impact and wasn't a security risk, but today i cleaned everything up.</P> <P>Problem is, i still get a warning on one of our firewalls.</P> <P>&nbsp;</P> <UL> <LI><SPAN>Certificate %redacted% in shared expired on %redacted%</SPAN></LI> </UL> <P>I triple checked the configuration and the new certificate i configured under <STRONG>Device - Certificate Management - Certificates</STRONG>&nbsp;for this Device is up and Valid.</P> <P>All other firewalls are now green over the whole board, just this one throws that warning. I also checked locally on the device and it got the new certificate and everything looks right.</P> <P>There could be a chance that there is a special configuration i can't see because over the years a good few admins worked on this firewall.</P> <P>Any Idea what it could be before i open a support case?</P> <P>&nbsp;</P> <P>Thank you!</P> <P>&nbsp;</P> <P>Edit: Forgot this: Version is 10.2.7-h6 (upgrading to h18 tonight)</P> Wed, 04 Dec 2024 13:41:51 GMT Stellinger 2024-12-04T13:41:51Z https://live.paloaltonetworks.com/t5/general-topics/certificate-expired-warning-in-deploy-but-all-certificates-are/m-p/996489#M122382 <P>The Sub CA Certificate of our old internal PKI expired a few days ago. It didn't have any impact and wasn't a security risk, but today i cleaned everything up.</P> <P>Problem is, i still get a warning on one of our firewalls.</P> <P>&nbsp;</P> <UL> <LI><SPAN>Certificate %redacted% in shared expired on %redacted%</SPAN></LI> </UL> <P>I triple checked the configuration and the new certificate i configured under <STRONG>Device - Certificate Management - Certificates</STRONG>&nbsp;for this Device is up and Valid.</P> <P>All other firewalls are now green over the whole board, just this one throws that warning. I also checked locally on the device and it got the new certificate and everything looks right.</P> <P>There could be a chance that there is a special configuration i can't see because over the years a good few admins worked on this firewall.</P> <P>Any Idea what it could be before i open a support case?</P> <P>&nbsp;</P> <P>Thank you!</P> <P>&nbsp;</P> <P>Edit: Forgot this: Version is 10.2.7-h6 (upgrading to h18 tonight)</P> Wed, 04 Dec 2024 13:41:51 GMT https://live.paloaltonetworks.com/t5/general-topics/certificate-expired-warning-in-deploy-but-all-certificates-are/m-p/996489#M122382 Stellinger 2024-12-04T13:41:51Z https://live.paloaltonetworks.com/t5/general-topics/certificate-expired-warning-in-deploy-but-all-certificates-are/m-p/997616#M122492 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/322047">@Stellinger</a>&nbsp;,</P> <P>&nbsp;</P> <P>Try running a&nbsp;show configuration | match &lt;certificate_name&gt; in the CLI to see all the places the old cert was referenced. You can also try pulling up the config into a text editor to see where the cert is referenced as well.</P> Wed, 11 Dec 2024 05:14:59 GMT https://live.paloaltonetworks.com/t5/general-topics/certificate-expired-warning-in-deploy-but-all-certificates-are/m-p/997616#M122492 JayGolf 2024-12-11T05:14:59Z https://live.paloaltonetworks.com/t5/general-topics/certificate-expired-warning-in-deploy-but-all-certificates-are/m-p/997929#M122516 <P>HI <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/322047">@Stellinger</a> <BR /><BR />According to the warning, you have a multi vsys firewall where the cert is located in shared context and therefore (in theory) should be visible in all vsys. You wrote that you checked locally and the new cert is there. Sorry for the dumb question but you did look for the cert name of the expiration warning? If the configuration is pushed from panorama as far as I understood) you need to execute "show config pushed-tenplate | match &lt;certname&gt;" instead of "show configuration".</P> Thu, 12 Dec 2024 00:28:20 GMT https://live.paloaltonetworks.com/t5/general-topics/certificate-expired-warning-in-deploy-but-all-certificates-are/m-p/997929#M122516 Remo 2024-12-12T00:28:20Z