I know this not the best place to put up this question, but I feel someone might have good experience or knowledge who can share it out. :smileyhappy:
I had a self generated certificate for SSL-VPN and Captive Portal on the Palo Alto. I then generated a CSR for the same certificates and handed it over to the customer. The customer then sent it to their CA for authorization and signing it. Customer gets them back signed and in .crt format.
I then was asked to import it back on to the Palo Alto. But PA only accepts .pem or .pkcs12 format. From here I do not where to go and how to get this sorted out.
Any help on this would be great.
openssl req -new -newkey rsa:2048 -nodes -keyout vpn.key -out vpn.csr
Enter requested info
Upload vpn.csr to CA
Create PFX for PAN Device:
(If starting with .pb7 from CA)
openssl pkcs7 -print_certs -in vpn.p7b -out vpn-2012.crt
If starting with (If starting with .crt or if you have converted to a .crt from CA)
openssl pkcs12 -export -out vpn.pfx -inkey vpn.key -in vpn.crt -certfile ca.crt
Enter Export Password: Enter password here - This will be passphrase when you upload into PAN Device)
Verifying - Enter Export Password: Re-Enter password here
Upload .pfx to PAN Device
Enter passphrase that you typed when you exported as a PFX
To get the ca.crt file, copy and paste the Intermediate CA and Root CA into a notepad file and rename to ca.crt
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!