How to Renew Certificates for GlobalProtect Devices


L3 Networker

 

Hi all,

 

I want to renew the expiration date of the certificates for my GlobalProtect devices. The firewall is the CA that issued the certificates.

My question is whether I have to export and import the certificates after renewing them by following the steps in this article:

https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/certificate-management/revoke-and-re...

I don't know if the certificate renewal requires any installation or if the changes will be reflected on the devices without installation.

 

Many thanks in advance,

Marcos

7 REPLIES

Hi Marcos,

 

Thanks for your response.

Also, make sure that if the client certificate is generated on the firewall, you export it in PKCS12 format.

 

If this advice helps your case, please mark it as a solution so that it may help others.

L2 Linker

 

Hey @Carracido 

 

I know it's been a while since you've made this post, so I hope this message finds you well.

 

Since the certificates were generated on the firewall, we have the ability to renew them directly from PAN-OS without having to re-deploy them.

 

I've included the document explaining this in further detail below for your reference. 

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POioCAG

 

Stay safe and have a great day!

 

-Cheers

If we renew the self-signed cert, will we be able to connect GP with the expired self-signed cert already installed on the user machine?

We are able to get a certificate warning while connecting GP on a new machine.

But on an already installed machine it's giving a "server certificate not found" error. Also, we have enabled install certificate in trusted root store in GlobalProtect Portal > Agent, but no luck.

Do we need to remove the gateway address from the GP client and reconnect in order to get the certificate warning or to get the renewed cert automatically installed on the user machine?

If we install the renewed certificate on the user machine, then we are able to connect GP.

 
