12-04-2024 05:40 AM - edited 12-04-2024 05:41 AM
The Sub CA Certificate of our old internal PKI expired a few days ago. It didn't have any impact and wasn't a security risk, but today I cleaned everything up.
The problem is, I still get a warning on one of our firewalls.
I triple-checked the configuration, and the new certificate I configured under Device - Certificate Management - Certificates for this Device is up and Valid.
All other firewalls are now green across the board; just this one throws that warning. I also checked locally on the device, and it got the new certificate and everything looks right.
There could be a chance that there is a special configuration I can't see, because over the years a good few admins worked on this firewall.
Any idea what it could be before I open a support case?
Thank you!
Edit: Forgot this: Version is 10.2.7-h6 (upgrading to h18 tonight)
12-10-2024 09:14 PM
Hi @Stellinger ,
Try running a show configuration | match <certificate_name> in the CLI to see all the places the old cert was referenced. You can also try pulling up the config into a text editor to see where the cert is referenced as well.
12-11-2024 04:28 PM
Hi @Stellinger
According to the warning, you have a multi-vsys firewall where the cert is located in the shared context and therefore (in theory) should be visible in all vsys. You wrote that you checked locally and the new cert is there. Sorry for the dumb question, but did you look for the cert name from the expiration warning? If the configuration is pushed from Panorama (as far as I understood), you need to execute "show config pushed-template | match <certname>" instead of "show configuration".