Generated Certificate Not Showing

L1 Bithead

Running PAN OS 10.2.2-h2 and generated a certificate. The cert doesn't display in the gui under Device Certificates. I created it again and it said that there are duplicate certificates now. I am new to Palo and not sure how else I can go about viewing the certs that I generated or how to go about removing them.

 

Thank you

10 REPLIES

Cyber Elite
Hello @mjgrlg72

 

You can view certificates from the CLI by using the commands below:

 

configure
show shared certificate

 

To remove a certificate, you can use the command below:

 

delete shared certificate <certificate name>
commit

 

Regarding how you ended up not being able to see a certificate in the GUI, I am not sure what could have caused this. I do not see any known issue in the version you are running and have not faced this myself before.

 

Kind Regards

Pavel

I reached out on some other boards also and I got responses back that others have/have been experiencing the same issue. Even using the show shared certificate command doesn't display anything. They are there though. I exported the firewall state and looked at the text file and saw both certs in there. Just not able to see them in the system.
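The check described in the post above (finding certificate entries in an exported configuration when the GUI and CLI list nothing) can be scripted. This is an added example, not part of the original thread or Palo Alto Networks code; it assumes the export contains the configuration as XML with certificates stored as `<certificate><entry name="...">` elements, and the sample data, `list_certificates` and `duplicate_names` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample. Assumption: the exported config stores certificates as
# <certificate><entry name="..."> elements, mirroring "show shared certificate".
SAMPLE_CONFIG = """<config><shared><certificate>
  <entry name="decrypt_CA"><common-name>fw.example.com</common-name>
    <ca>yes</ca><not-valid-after>Nov  1 00:00:00 2023 GMT</not-valid-after></entry>
  <entry name="decrypt_CA"><common-name>fw.example.com</common-name>
    <ca>yes</ca><not-valid-after>Nov  2 00:00:00 2023 GMT</not-valid-after></entry>
  <entry name="mycert_CA"><common-name>www.example.com</common-name>
    <ca>yes</ca><not-valid-after>Nov  3 00:00:00 2023 GMT</not-valid-after></entry>
</certificate></shared></config>"""


def list_certificates(xml_text):
    """Return one record per certificate entry, wherever it sits in the tree."""
    found = []

    def walk(node, path):
        for child in node:
            label = child.tag
            if child.get("name"):           # keep vsys/template names in the path
                label += f"[{child.get('name')}]"
            if child.tag == "certificate":
                for entry in child.findall("entry"):
                    found.append({
                        "path": f"{path}/certificate",
                        "name": entry.get("name"),
                        # Only descriptive fields are read, never key material.
                        "common_name": entry.findtext("common-name", default=""),
                        "ca": entry.findtext("ca", default="no"),
                        "expires": entry.findtext("not-valid-after", default=""),
                    })
            else:
                walk(child, f"{path}/{label}")

    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return found


def duplicate_names(certs):
    """Names that occur more than once in the same certificate container."""
    counts = Counter((c["path"], c["name"]) for c in certs)
    return sorted({name for (_, name), n in counts.items() if n > 1})


if __name__ == "__main__":
    certs = list_certificates(SAMPLE_CONFIG)
    for c in certs:
        print(c["path"], c["name"], c["common_name"], c["expires"])
    print("duplicate names:", duplicate_names(certs))
```

Names reported by `duplicate_names` are the candidates for the `delete shared certificate <certificate name>` command given earlier in the thread.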

L3 Networker

Hi @mjgrlg72,

 

Greetings from Palo Alto Networks!

 

I saw your post and have a few recommendations for you. In order to troubleshoot this issue further, we may have to collect the tech support file and perform live troubleshooting. I recommend that you open a support case so that the next available engineer can help you with this issue.
If you find any difficulty in opening a support case, feel free to respond to this post.

 

Web Portal: https://support.paloaltonetworks.com

 

Thanks and Regards,
Prerna Ahire
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/cloud-ngfw-discussions/bd-p/Cloud_NGFW_Discussions

I worked with the vendor that we purchased the palo through and have support with. They upgraded our system to 10.2.3-h2 to see if that would allow us to see the certs. The certs still didn't show. I tried generating a new cert and that one did show in the gui and cli. I still have the two certs that were originally generated still in there that I can't see other than through the state file, but I was able to generate a new file, export it and start playing around with ssl decryption. At some point I'll have to figure out how to get rid of the other two certs. I was surprised to see that it seems to be an issue others have had from what I have seen online, but nothing in any bug reports.

L4 Transporter

Hello @mjgrlg72,

 

Greetings from Palo Alto networks.

I saw your post and have a few recommendations for you. The cert doesn't display in the GUI under 'Device Certificates' because there were duplicate certs and this caused issues with the import device state. You have to delete the duplicate certs and it will work well!

 

You can refer to the following articles to remove the duplicate certificate:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1uCAC

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POcWCAW&lang=en_US%E2%80%A...

 

If you found this answer and article helpful then please "Accept it as a solution".


If you have any further questions please reach out to the community.

 

Regards,
Mayurkumar Farkade
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/configuration-discussions/ct-p/Configuration-Discussions
 

 





 

L4 Transporter

Hello @mjgrlg72,

 

Greetings from Palo Alto Networks!


This is a follow-up message. I request that you check the solution provided and update accordingly.

 

Please "accept it as a solution" if you found the answer and article useful.


If you have any further questions please reach out to the community.

 

Regards,
Mayurkumar Farkade
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/configuration-discussions/ct-p/Configuration-Discussions

 


L2 Linker

Had the same thing on a 10.2.9-h1, but by generating a certificate in the CLI it finally worked for me:

FW01> request certificate generate days-till-expiry 365 ca yes certificate-name mycert_CA name www.example.com algorithm RSA rsa-nbits 2048


Successfully generated certificate and key pair : mycert_CA

L1 Bithead

Same issue, running 10.2.4-h2
