Panorama reset Authentication Profile (Certificate Profile based Authentication) via CLI

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Panorama reset Authentication Profile (Certificate Profile based Authentication) via CLI

L1 Bithead

Hi,

 

I have configured (on a test Panorama VM - luckly not on the production one) a SSL Certificate Based authentication following the steps provided on the Panorama Administrator's Guide; somehow It didn't quite worked out and I'm currently locked out.


I do have admin access to the Panorama VM via CLI -> is there any chance to reset the GUI authentication profile to username and password (its default) ? thanks

3 REPLIES 3

L3 Networker

If you have access to CLI, create a new authentication-profile using the set authentication-profile command.

Then, assign the authentication profile to the user you want to login with using set mgt-config users *username* authenticaton-profile command

Hi,

 

thank you for the feedback but this is not really what I'm after.

 

I would like to enable

 

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-firewall-ad...

 

However at the very beginning of the Web Page I can read:

 

"Configuring certificate-based authentication for any administrator disables the username/password logins for all administrators on the firewall; administrators thereafter require the certificate to log in."

 

I would like to know if there is any possibility to reset the "Certificate-Based Administrator Authentication to the Web Interface" via cli should something go wrong ...

 

Is this technically possible / supported ?

 

Thank you fro your feedback.

 

 

 

Have you tried just deleting the certificate-profile you created with "delete panorama certificate-profile" command?

  • 4218 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!