https://live.paloaltonetworks.com/t5/general-topics/public-ca-signed-certificate/m-p/236999#M67908 <P>Hey&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75039">@MP18</a></P><P>&nbsp;</P><P>When you click the "Certificate Authority" box when generating a certificate, it means that other certificates can be signed by that certificate. For example, if you wanted a full certificate chain that is all self-signed it would be:</P><P>&nbsp;</P><P>Root Certificate - Marked As Certificate Authority</P><P>&nbsp; &nbsp; Intermediate Certificate (Signed by Root Certificate) - Marked as Certificate Authority</P><P>&nbsp; &nbsp; &nbsp; &nbsp; Primary Certificate (Signed by Intermediate Certificate) - <STRONG>Not marked</STRONG> as Certificate Authority</P><P>&nbsp;</P><P>Edit: and no, marking a certificate as a certificate authority does not make it a publically signed certificate - i.e. devices won't trust it.</P><P>&nbsp;</P><P>To get a publically signed certificate, you need to generate a certificate signing request (CSR) by generating a certificate and then select "Signed by:&nbsp;External Authority"</P> Thu, 25 Oct 2018 11:26:10 GMT LukeBullimore 2018-10-25T11:26:10Z https://live.paloaltonetworks.com/t5/general-topics/public-ca-signed-certificate/m-p/236966#M67901 <P>&nbsp;</P><P>Need to confirm on certificate if&nbsp; only CA option is checked&nbsp; then it is Public CA signed certificate?</P><P>&nbsp;</P><P>which type of cert it is when only CA option is checked?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 25 Oct 2018 06:08:33 GMT https://live.paloaltonetworks.com/t5/general-topics/public-ca-signed-certificate/m-p/236966#M67901 MP18 2018-10-25T06:08:33Z https://live.paloaltonetworks.com/t5/general-topics/public-ca-signed-certificate/m-p/236973#M67902 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75039">@MP18</a></P><P>&nbsp;</P><P>Are you asking for a cert that you have created on your PA (or one that you have imported from a corporate CA) or a completely different cert?</P> Thu, 25 Oct 2018 06:55:34 GMT https://live.paloaltonetworks.com/t5/general-topics/public-ca-signed-certificate/m-p/236973#M67902 Remo 2018-10-25T06:55:34Z https://live.paloaltonetworks.com/t5/general-topics/public-ca-signed-certificate/m-p/236999#M67908 <P>Hey&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75039">@MP18</a></P><P>&nbsp;</P><P>When you click the "Certificate Authority" box when generating a certificate, it means that other certificates can be signed by that certificate. For example, if you wanted a full certificate chain that is all self-signed it would be:</P><P>&nbsp;</P><P>Root Certificate - Marked As Certificate Authority</P><P>&nbsp; &nbsp; Intermediate Certificate (Signed by Root Certificate) - Marked as Certificate Authority</P><P>&nbsp; &nbsp; &nbsp; &nbsp; Primary Certificate (Signed by Intermediate Certificate) - <STRONG>Not marked</STRONG> as Certificate Authority</P><P>&nbsp;</P><P>Edit: and no, marking a certificate as a certificate authority does not make it a publically signed certificate - i.e. devices won't trust it.</P><P>&nbsp;</P><P>To get a publically signed certificate, you need to generate a certificate signing request (CSR) by generating a certificate and then select "Signed by:&nbsp;External Authority"</P> Thu, 25 Oct 2018 11:26:10 GMT https://live.paloaltonetworks.com/t5/general-topics/public-ca-signed-certificate/m-p/236999#M67908 LukeBullimore 2018-10-25T11:26:10Z https://live.paloaltonetworks.com/t5/general-topics/public-ca-signed-certificate/m-p/237038#M67921 <P>Asking about the cert which i created on the PA.</P> Thu, 25 Oct 2018 13:04:28 GMT https://live.paloaltonetworks.com/t5/general-topics/public-ca-signed-certificate/m-p/237038#M67921 MP18 2018-10-25T13:04:28Z