<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Automatic Certificate Renewal for Global Protect Portal in General Topics</title>
    <link>https://live.paloaltonetworks.com/t5/general-topics/automatic-certificate-renewal-for-global-protect-portal/m-p/1259339#M126754</link>
    <description>&lt;P&gt;With the pending move of publicly issued certificates to a shorter time frame, is there anyway to ease the amount of effort to get the new certificates installed on the firewalls since it will now need to be done multiple times a year?&amp;nbsp; Working on a few that will using SAML for authentication and be managed by Panorama so trying to see the best approach.&amp;nbsp;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I've found some forum posts elsewhere with some steps but wasn't sure what the best approach would be.&amp;nbsp;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Fri, 17 Jul 2026 14:35:24 GMT</pubDate>
    <dc:creator>DJ_1924</dc:creator>
    <dc:date>2026-07-17T14:35:24Z</dc:date>
    <item>
      <title>Automatic Certificate Renewal for Global Protect Portal</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/automatic-certificate-renewal-for-global-protect-portal/m-p/1259339#M126754</link>
      <description>&lt;P&gt;With the pending move of publicly issued certificates to a shorter time frame, is there anyway to ease the amount of effort to get the new certificates installed on the firewalls since it will now need to be done multiple times a year?&amp;nbsp; Working on a few that will using SAML for authentication and be managed by Panorama so trying to see the best approach.&amp;nbsp;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I've found some forum posts elsewhere with some steps but wasn't sure what the best approach would be.&amp;nbsp;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 17 Jul 2026 14:35:24 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/automatic-certificate-renewal-for-global-protect-portal/m-p/1259339#M126754</guid>
      <dc:creator>DJ_1924</dc:creator>
      <dc:date>2026-07-17T14:35:24Z</dc:date>
    </item>
    <item>
      <title>Re: Automatic Certificate Renewal for Global Protect Portal</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/automatic-certificate-renewal-for-global-protect-portal/m-p/1259341#M126755</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/151805"&gt;@DJ_1924&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I have a friend that uses this method with Let's Encrypt and it works like a charm.&amp;nbsp;&amp;nbsp;&lt;A href="https://www.linkedin.com/pulse/can-we-configure-palo-alto-firewalls-automatically-obtain-joe-brunner-qrxoe" target="_blank"&gt;https://www.linkedin.com/pulse/can-we-configure-palo-alto-firewalls-automatically-obtain-joe-brunner-qrxoe&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;As you can see, the author uses ACME to fetch the certificate from GoDaddy.&amp;nbsp; Many CAs support ACME now.&amp;nbsp; So, there is a good chance it will work with your CA.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;You can ignore Step 6:&amp;nbsp; Apply the Cert on the Firewall.&amp;nbsp; The script uses the same name and overwrites the same cert.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Panorama is also included in the script!&amp;nbsp; Here are the variables:&amp;nbsp; &amp;nbsp;&lt;A href="https://github.com/acmesh-official/acme.sh/blob/master/deploy/panos.sh" target="_blank"&gt;https://github.com/acmesh-official/acme.sh/blob/master/deploy/panos.sh&lt;/A&gt;&amp;nbsp; I am going to test the script with Panorama this year.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The best solution would be for Palo Alto to include a built-in ACMEv2 client into the NGFW.&amp;nbsp; Everyone who wants this feature should contact their SE and request it.&amp;nbsp; More requests = greater chance of implementation.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Tom&lt;/P&gt;</description>
      <pubDate>Fri, 17 Jul 2026 17:30:34 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/automatic-certificate-renewal-for-global-protect-portal/m-p/1259341#M126755</guid>
      <dc:creator>TomYoung</dc:creator>
      <dc:date>2026-07-17T17:30:34Z</dc:date>
    </item>
  </channel>
</rss>

