Running PAN OS 10.2.2-h2 and generated a certificate. The cert doesn't display in the gui under Device Certificates. I created it again and it said that there are duplicate certificates now. I am new to Palo and not sure how else I can go about viewing the certs that I generated or how to go about removing them.
you can view certificates from the CLI by using below commands:
show shared certificate
To remove certificate, you can use below command:
delete shared certificate <certificate name>
Regarding how you ended up to not able to see a certificate in GUI, I am not sure what could have caused this. I do not see any known issue in the version you are running and have not faced this myself before.
I reached out on some other boards also and I got responses back that others have/have been experiencing the same issue. Even using the show shared certificate command doesn't display anything. They are there though. I exported the firewall state and looked at the text file and saw both certs in there. Just not able to see them in the system.
Greetings from Palo Alto Networks!
I saw your post and have a few recommendations for you. In order to troubleshoot this issue further, we may have to collect the tech support file and perform live troubleshooting, I recommend you to open a support case so that the next available engineer can help you with this issue.
If you find any difficulty in opening a support case, feel free to respond to this post.
Web Portal: https://support.paloaltonetworks.com
Thanks and Regards,
Palo Alto Networks
I worked with the vendor that we purchased the palo through and have support with. They upgraded our system to 10.2.3-h2 to see if that would allow us to see the certs. The certs still didn't show. I tried generating a new cert and that one did show in the gui and cli. I still have the two certs that were originally generated still in there that I can't see other than through the state file, but I was able to generate a new file, export it and start playing around with ssl decryption. At some point I'll have to figure out how to get rid of the other two certs. I was surprised to see that it seems to be an issue others have had from what I have seen online, but nothing in any bug reports.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!