How to Renew Certificates for GlobalProtect Devices

Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to Renew Certificates for GlobalProtect Devices

L3 Networker


Hi all,


I want to renew the expiration date of the certificates for my globalprotect devices. The firewall is the CA that issued the certificates.


My question is whether I have to export and import the certificates after renewing them by following the steps on this article:


I don´t know if the certificates renewal requires any installation or the changes will be reflected in the devices without installation. 


Many thanks in advance,



Hi Marcos,


Thanks for your response.

Also make sure that if the Client certificate is generated on firewall you export it in format PKCS12.


If this advice helps your case, please mark it as a solution so that it may help others.








L2 Linker


Hey @Carracido 


I know it's been a while since you've made this post, so I hope this message finds you well.


Since the certificates were generated on the firewall, we have the ability to renew them directly from the PAN-OS without having to re-deploy them.


I've included the document explaining this in further detail below for your reference.


Stay safe and have a great day!




If we renewed self-signed cert , will be able to connect GP with expired self-signed cert already installed in user machine ?


We are able to get certificate warning while connecting GP on new machine.


But on already installed machine its giving server certificate not found error.  Also we have enabled installed certificate in trusted root store in Global Protect Portal > Agent but no luck.

Do we require to remove gateway address from GP client and need to reconnect ? in order to get certificate warning or to get renewed cert automatically installed on user machine.


If we install renewed certificate on user machine then we are able to connect GP.


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!