https://live.paloaltonetworks.com/t5/general-topics/default-certificate-tlsv1-3-default/m-p/1253846#M126401 <P>Hi,</P> <P>&nbsp;</P> <P>Does anyone know what is the real purpose of the default certificate named&nbsp;TLSv1.3_Default which came after upgrading to 11.2 ?</P> <P>&nbsp;</P> <P>Regards</P> <P>&nbsp;</P> Tue, 12 May 2026 18:29:32 GMT Pan_os 2026-05-12T18:29:32Z https://live.paloaltonetworks.com/t5/general-topics/default-certificate-tlsv1-3-default/m-p/1253846#M126401 <P>Hi,</P> <P>&nbsp;</P> <P>Does anyone know what is the real purpose of the default certificate named&nbsp;TLSv1.3_Default which came after upgrading to 11.2 ?</P> <P>&nbsp;</P> <P>Regards</P> <P>&nbsp;</P> Tue, 12 May 2026 18:29:32 GMT https://live.paloaltonetworks.com/t5/general-topics/default-certificate-tlsv1-3-default/m-p/1253846#M126401 Pan_os 2026-05-12T18:29:32Z https://live.paloaltonetworks.com/t5/general-topics/default-certificate-tlsv1-3-default/m-p/1253848#M126402 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/778713457">@Pan_os</a>&nbsp;,</P> <P>&nbsp;</P> <P>The short answer is that TLSv1.3_Default is a system-created, read-only SSL/TLS service profile used for TLS 1.3 support on specific PAN-OS services, mainly management access and GlobalProtect portals/gateways.</P> <P>&nbsp;</P> <P>It is not something you would normally modify or use for general traffic/decryption. Unless you are specifically changing TLS settings for management or GP, I would treat it as a default object PAN-OS creates to support TLS 1.3.</P> Tue, 12 May 2026 20:26:12 GMT https://live.paloaltonetworks.com/t5/general-topics/default-certificate-tlsv1-3-default/m-p/1253848#M126402 JayGolf 2026-05-12T20:26:12Z