Failed to Fetch the Device Certificate

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Failed to Fetch the Device Certificate

L2 Linker

Hi Team,

 

I facing the issue to install the device certificate. I have generated the OTP in CSP. and installed it in the panorama-managed firewall. but we are getting the below error ' Failed to fetch the device certificate.TPM public key match failed. Kindly help to resolve the issue.

 

 



Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.
6 REPLIES 6

Community Team Member

Hi @AhamadullahM ,

 

First try again after doing a commit force to the device first.

I've seen several occurences where this fixed it for the users.

 

If it still fails -

What hardware and PAN-OS are you running ?

Confirm you're running on a preferred OS release so you're not running into possible bugs from older OS versions.

I've seen several cases where root access was required from TAC to fix the issue as well (PA-440 mostly it seems).

 

This type of error can have several root causes to be able to pinpoint the issue exactly with the information currently provided.

 

Best regards,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

L3 Networker

I had same issue and a commit force caused the device cert to redownload properly

L0 Member

Hi all,

 

I have the same problem on Pa-5430 10.2.2-h2. The commit force did not resolve my issue. Do you have any other posibble solution , which can help? 

 

Thanks!

L0 Member

Hi , we have the same problem in 5450 using 10.2.6. Any workarround?

L1 Bithead

I am having the same problem 

you must open a suppot ticket. The re-generate de local certificate and fix some problem of the AP using root access. Then you can generate OTP again and fetch the certificate.

  • 9695 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!