- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-17-2022 03:09 PM
Running PAN OS 10.2.2-h2 and generated a certificate. The cert doesn't display in the gui under Device Certificates. I created it again and it said that there are duplicate certificates now. I am new to Palo and not sure how else I can go about viewing the certs that I generated or how to go about removing them.
Thank you
12-17-2022 09:43 PM
Hello @mjgrlg72
you can view certificates from the CLI by using below commands:
configure
show shared certificate
To remove certificate, you can use below command:
delete shared certificate <certificate name>
commit
Regarding how you ended up to not able to see a certificate in GUI, I am not sure what could have caused this. I do not see any known issue in the version you are running and have not faced this myself before.
Kind Regards
Pavel
12-21-2022 11:59 AM
I reached out on some other boards also and I got responses back that others have/have been experiencing the same issue. Even using the show shared certificate command doesn't display anything. They are there though. I exported the firewall state and looked at the text file and saw both certs in there. Just not able to see them in the system.
12-22-2022 02:31 PM - edited 12-22-2022 02:31 PM
Hi @mjgrlg72,
Greetings from Palo Alto Networks!
I saw your post and have a few recommendations for you. In order to troubleshoot this issue further, we may have to collect the tech support file and perform live troubleshooting, I recommend you to open a support case so that the next available engineer can help you with this issue.
If you find any difficulty in opening a support case, feel free to respond to this post.
Web Portal: https://support.paloaltonetworks.com
Thanks and Regards,
Prerna Ahire
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-discussions/bd-p/Cloud_NGFW_Discussions
12-23-2022 06:23 AM
I worked with the vendor that we purchased the palo through and have support with. They upgraded our system to 10.2.3-h2 to see if that would allow us to see the certs. The certs still didn't show. I tried generating a new cert and that one did show in the gui and cli. I still have the two certs that were originally generated still in there that I can't see other than through the state file, but I was able to generate a new file, export it and start playing around with ssl decryption. At some point I'll have to figure out how to get rid of the other two certs. I was surprised to see that it seems to be an issue others have had from what I have seen online, but nothing in any bug reports.
12-23-2022 12:25 PM
Hello @mjgrlg72,
Greetings from Palo Alto networks.
I saw your post and have a few recommendations for you. The cert doesn't display in the GUI under 'Device Certificates' because there were duplicate certs and this caused issues with the import device state, You have to delete the duplicate certs and it will work well!
You can refer to the following articles to remove the duplicate certificate-
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1uCAC
If you found this answer and article helpful then please "Accept it as a solution".
If you have any further questions please reach out to the community.
Regards,
Mayurkumar Farkade
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/configuration-discussions/ct-p/Configuration-Discussions
12-23-2022 12:25 PM
Hello @mjgrlg72,
Greetings from Palo Alto networks.
I saw your post and have a few recommendations for you. The cert doesn't display in the GUI under 'Device Certificates' because there were duplicate certs and this caused issues with the import device state, You have to delete the duplicate certs and it will work well!
You can refer to the following articles to remove the duplicate certificate-
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1uCAC
If you found this answer and article helpful then please "Accept it as a solution".
If you have any further questions please reach out to the community.
Regards,
Mayurkumar Farkade
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/configuration-discussions/ct-p/Configuration-Discussions
01-02-2023 03:19 PM
Hello @mjgrlg72,
Greetings from Palo Alto Networks!
This is a follow-up message, I request you check the solution provided and update accordingly.
Please "accept it as a solution" if you found the answer and article useful.
If you have any further questions please reach out to the community.
Regards,
Mayurkumar Farkade
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/configuration-discussions/ct-p/Configuration-Discussions
01-06-2023 10:18 AM
Hello @mjgrlg72,
Greetings from Palo Alto Networks!
This is a follow-up message, I request you check the solution provided and update accordingly.
Please "accept it as a solution" if you found the answer and article useful.
If you have any further questions please reach out to the community.
Regards,
Mayurkumar Farkade
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/configuration-discussions/ct-p/Configuration-Discussions
07-17-2024 07:32 AM - edited 07-17-2024 07:33 AM
Had the same thing on a 10.2.9-h1 but by generate a certificate in cli it finally worked for me:
FW01> request certificate generate days-till-expiry 365 ca yes certificate-name mycert_CA name www.example.com algorithm RSA rsa-nbits 2048
Successfully generated certificate and key pair : mycert_CA
08-22-2024 06:11 AM
Same issue, running 10.2.4-h2
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!