03-17-2021 04:37 AM
the device certificate is going to expire end of march.
My PA trys to renew it and comes up with the following error:
Failed to renew device certificate.Failed to send request to CSP server.Error: No OCSP response received(dest => 188.8.131.52)
I have no telemetry enabled.
Just activated the certificate with OTP on 2020/12/29 after upgrading to PanOS 9.1.7.
Now it´s the first try of my PA to renew it.
The only thing i found relates to PanOS 9.1.8 wich seems to fix another error with device certificate:
Fixed an issue where the firewall returned the following error message when attempting to request a device certificate using a one-time password (OTP):
Any ideas where to look for?
10-13-2022 07:58 AM
I have no such link.
10-17-2022 03:12 AM
Hi @Jason_Lieberman ,
There's a way to fetch it using the CLI:
admin@PA-LAB> request certificate fetch otp <value>
replace <value> with the OTP generated on the support portal.
Hope this helps,
10-17-2022 06:30 AM
While the 'request certificate fetch otp' is not a valid command on my 440. 'request certificate fetch' is. When I ran that is managed to get a new cert. I'm shocked! It's been failing for a few weeks now and TAC is stumped as to why.
Thank you for that.
11-10-2022 04:09 AM
Try the solution here on the 440 - it works luckily : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NlxCAE
11-10-2022 04:11 AM
Then ssh in and try simply:
request certificate fetch
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!