This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

is it possible to add a CA in PA device?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

is it possible to add a CA in PA device?

willstech
L3 Networker

‎07-12-2012 11:00 PM

Hello there.

I have a question related to CA for SSL client.

Customer has a certificate which issued by Trusted Root CA, but this trusted root CA is not contained in an ssl client's browser.

And then, the customer certificate was issued by this CA.

So, customer wants to distribute a CA of customer for all SSL VPN clients to avoid ssl certification error. (it was not created by a PA device.)

I tried to import to the CA at certificates in Device tab, but it  was impossible.

Is it possible to do it through PA device?

Please let me know someone who know about it.

Thanks,

Eugene.

0 Likes Likes
4 REPLIES 4

mikand
L6 Presenter

‎07-13-2012 12:44 AM

There is a trusted CA list within the device but I cant find in the manuals on how to list its content nor how to add your own CA's to this list - perhaps somebody else in here who knows?

Regarding importing of stuff, if the web-gui fails you can use scp or tftp like so:

scp import certificate from user1@10.0.3.4:/tmp/certificatefile

tftp import ssl-certificate from user1@10.0.3.4:/tmp/certificatefile

0 Likes Likes

jdelio
L7 Applicator
In response to mikand

‎07-19-2012 01:30 PM

Through the Webui -> Device -> Certificates .. that shows all of the certs there.

You can take public CA certs and import them with their Key files.

OR you can create local generated CA's,. or the actual SSL certs..

It honestly really depends on what you are trying to accomplish.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
0 Likes Likes

mikand
L6 Presenter
In response to jdelio

‎07-19-2012 01:55 PM

I hope you mean the public key when you spoke about public CA certs because I seriously doubt they will or should release their private key 😉

Regarding that cert list I have completely missed that, in which version did that show up (and whats the CLI commands to list and modify it)?

Device -> Certificate Management -> Certificates -> Default Trusted Certificate Authorities (tab)

0 Likes Likes

zarina
L5 Sessionator
In response to mikand

‎07-19-2012 05:59 PM

As of 4.1, we do not list the trusted certs that are used by PAN. The tab "Device -> Certificate Management -> Certificates -> Default Trusted Certificate Authorities" is an new feature added in 5.0.

To generate a cert through CLI:

request certificate generate <options>

To modify the cert:

set shared certificate <options>

  • 2481 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks