Certificate Login to WebGUI with IE displays Login Page when Firewall has an Underscore in FQDN

Printer Friendly Page


While using Certificate Authentication with Internet Explorer (up to IE10), logging into the Palo Alto Networks device WebGUI causes the login page to be displayed instead of showing the Web UI page.

Checking the device system logs show that the user login succeeded. Logging in with Mozilla Firefox and Google Chrome web browsers work as expected.



Internet Explorer is ignoring/dropping cookies for site names that contain an underscore character.


Example: The URI and certificate common name for the Web UI is:




To resolve this issue, change the DNS from adm_stage.example.com to adm-stage.example.com and recreate the user certificate with the new DNS name. Additionally, configure the site under Internet Explorer "Compatibility View".


owner: dmaynard


Tags (6)

As per RFC1912, underscore character is not allowed in hostname record.

I have a customer experiencing the problem with IE11