Firewall default trusted certificates status in CLI

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Firewall default trusted certificates status in CLI

L1 Bithead

Hi Team,

I want to know if there is a way to monitor the firewall default trusted certificates status in CLI?


Cyber Elite
Cyber Elite


 I'm not aware of any way to monitor this in the CLI. The only configuration action that actually exists for this is adding them to the root-ca-exclude-list. I'm not aware of any way in the CLI to actually look at the individual root certificates.

Cyber Elite
Cyber Elite

@vij  One way to know if cert is going to expired is using AIOPS which needs PAN OS 10. and also paid subscription of AIOPS.

In this case send the email notification to email address configured in the AIOPS.

Other than this I do not know anyway to monitor the certs on the PA.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!