Traps ESM SSL Certificate Renewal

Reply
Highlighted

Traps ESM SSL Certificate Renewal

Hello Community,

If you are enabling SSL communication between the agents and Palo Alto Network's Traps ESM, then once the certificate expires you will need to renew it, refer to the bellow steps to guide you through.

 

How to renew the SSL Certificate in Traps ESM

  • Import or generate the new certificate to the ESM Server.
  • Open the Internet Information Services (IIS) Manager.
  • Choose the Server and from the home page choose “Server Certificates”.
  • Import the new certificate.
  • Open an elevated CMD, and according to the port you set the ESM to use run the following command: netsh http show sslcert ipport=0.0.0.0:2125
  • Check the Hash of the certificate, it should be the expired certificat’s.
  • Then back to IIS Manager from the left column open “Application Pool”, then “Sites”, then “Default Web Site”.
  • In the action column choose “Bindings”.
  • According to your configuration if you are using the default settings which is port 2125, then check if the port is listed and click on “edit”, if not then click “add” as it will be overwritten because as the CMD command showed, the certificate is used on this port.
  • Fill as bellow:
    • Type: “https”
    • ip address: “All Unassigned”
    • Port: “2125”
    • SSL certificate: “Choose the new certificate”.
  • Then click ok.
  • certificate_binding.png
  • From the CMD run the command “netsh http show sslcert ipport=0.0.0.0:2125” again and confirm that the new certificate’s hash is now showing.CMD.png
  • Check-in the agents and confirm the connectivity.

 

It would be nice if PAN can confirm it too, and maybe make it a KB.

Regards

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!