Certificate Expiry

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Certificate Expiry

L4 Transporter

Hi All,

I am trying to import the Azure SAML certificate to use it in the Identity Provider Certificate as it is expiring this Thursday. But i am getting the attached error. Does it mean do i need to delete the existing one and then import it? I have the Pem format and Base64 format but error is same when i import. Certificate extention is .cer.

Am i making anything wrong here? GP authentication will stop on Thursday so need quick help on this please.

 

Regards,

Sanjay S

1 REPLY 1

Community Team Member

Hi @Sanjay_Ramaiah ,

 

I don't see any attached error.  Could you provide more info ?

 

Steps to import a new Azure SAML certificate

 

Step 1 - Add a CA-Issued certificate as IdP Certificate on Azure AD

 

Generate a certificate using your enterprise Certificate Authority. Follow instructions from Azure AD to add a new CA-issued certificate https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-certificates-for-federate....

Please delete the old certificate before you export the IdP metadata to complete the next step.

 

Step 2 - Import metadata and enable Validate Identity Provider Certificate on PAN-OS

 

Ask your IdP administrator for IdP metadata. Import the IdP metadata into PAN-OS and/or Panorama and ensure that the Validate Identity Provider Certificate checkbox is enabled. Click OK. Create a Certificate Profile using the same CA certificate that has issued the IdPs certificate. Add the newly created IdP Server Profile and Certificate Profile to your SAML Authentication Profile. Commit the configuration to Panorama and/or the firewall.

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 308 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!