Global Protect VPN Device Certificates Expired

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Global Protect VPN Device Certificates Expired

L1 Bithead

Hi Guys,

 

I'm the first time to renew our GP VPN device certificates. But my certificates just expired today. 

And I checked our old device certificates, it doesn't have the "CA".

When I renew it, do I need to import certificates ".pem" file or "pkcs12"? I don't want to change any current VPN configuration.

I have totally no idea how to do it. Thanks a lot!

1 accepted solution

Accepted Solutions

L2 Linker
7 REPLIES 7

L2 Linker

Hi Basavaraj,

 

Yes. I saw this solution. My old certificates were purchased from RapidSSL. If I purchase new certificates (same domain) with new CSR/Private key from RapidSSL. Is it change other settings? My Global Protect VPN set in the AWS. Thanks.

Hi,

 

there are no settings going to be changed in the VPN configurations, you generate the new CSR and get it signed by your CA and bind the certificate with your CSR in the Palo alto firewall. after that, you can map it to your SSL/TLS profile and test it.

 

Regards

Basavaraj

L2 Linker

Hi Kevin,

 

may I know what settings are you referring to? 

 

There won't be any changes as long your VPN configuration is concerned, you have to map the new certificate in the SSL/TLS profile once you import the new certificate, only that is the change you will have to do as for as I know

 

Regards

Basavaraj

"Kevin" appears to be a bot account posting generic replies to build reputation and post spam links. The forums have been overrun by them the last few days.... "Kevin's" new account has posted 5 times in the week since being set up, 4 of which were posted/edited to include credit/payment card spam/phishing links.

L2 Linker

Hi Adrian,

 

Thank for you letting me know, I will be a little careful going forward

Regards

Basavaraj

L0 Member

 I saw this solution. My old certificates were purchased from RapidSSL. 

  • 1 accepted solution
  • 5480 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!