- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-18-2024 05:46 AM
Hi All,
I am trying to import the Azure SAML certificate to use it in the Identity Provider Certificate as it is expiring this Thursday. But i am getting the attached error. Does it mean do i need to delete the existing one and then import it? I have the Pem format and Base64 format but error is same when i import. Certificate extention is .cer.
Am i making anything wrong here? GP authentication will stop on Thursday so need quick help on this please.
Regards,
Sanjay S
06-20-2024 01:13 AM
Hi @Sanjay_Ramaiah ,
I don't see any attached error. Could you provide more info ?
Steps to import a new Azure SAML certificate
Step 1 - Add a CA-Issued certificate as IdP Certificate on Azure AD
Generate a certificate using your enterprise Certificate Authority. Follow instructions from Azure AD to add a new CA-issued certificate https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-certificates-for-federate....
Please delete the old certificate before you export the IdP metadata to complete the next step.
Step 2 - Import metadata and enable Validate Identity Provider Certificate on PAN-OS
Ask your IdP administrator for IdP metadata. Import the IdP metadata into PAN-OS and/or Panorama and ensure that the Validate Identity Provider Certificate checkbox is enabled. Click OK. Create a Certificate Profile using the same CA certificate that has issued the IdPs certificate. Add the newly created IdP Server Profile and Certificate Profile to your SAML Authentication Profile. Commit the configuration to Panorama and/or the firewall.
Kind regards,
-Kim.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!