Importing root certificate in Panorama 10.2.15 not working/ EDL hosting service.

L3 Networker

Hi,


I have a strange issue: I am trying to import the GlobalSign root certificate into a Panorama device template.

I am following this article (I also doubt GlobalSign is needed, because when I browse manually to the EDL the URL is signed by Google):

Configure the Firewall to Access an External Dynamic List from the EDL Hosting Service (paloaltonetw...

I have uploaded the certificate but renamed it to .jpg; you can just rename it to .cer to have a look, or open it with Notepad. The format is correct.

When I try to import this in Panorama I always get the error:

Import of EDL-SERVICE-HOSTING failed. Failed to find begining of certificate. Make sure certificate starts with BEGIN CERTIFICATE tag  (there is also a spelling mistake in the error; it should be "beginning" to my knowledge)

When I upload the same cert directly onto the firewalls I have no issue.

Has anybody experienced this issue with version 10.2.5?

 

CERT CONTENT:

Accepted Solutions

L3 Networker

OK, problem solved: it only works with Edge; Chrome and Firefox fail.

 


L0 Member

I wanted to reply that I had this issue "failed to find begining of certificate file" trying to import a PFX cert into Panorama on 11.0.3. Using Edge solved the issue. What is odd is that I had recently replaced a cert on 11.0.3 using Firefox and that worked, but importing a brand new certificate did not.

L0 Member

You can also try to use Incognito browser (of Chrome!) which works for us.

Assuming there's something with how the web server used by Palo for the GUI works. From my memory they use nginx.

So there might be something happening in the guts between the FW and the user's browser on that level but nobody looks into that because of the low priority.

L0 Member

The error "Failed to find begining of certificate. Make sure certificate starts with BEGIN CERTIFICATE tag" is solved.
If you are in the Edge browser, log out of Panorama. Then open Chrome, log in to Panorama and try importing the certificate.

Thank YOU! That worked for me too, ZGomez, on Panorama 10.2.8-h3. Chrome was not working, but Chromium-based Edge certainly worked.

L0 Member

Panorama-10.2.7-h18 --- Experienced the same issue. Both Edge and Chrome failed with the same error. Cleared all browser history, cache and cookies. The issue was then resolved on both browsers.
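
Added example, not from any post in this thread and not Palo Alto Networks code: a local check in Python that tests a certificate file against what the error message claims (the file starts with the BEGIN CERTIFICATE header) and returns a SHA-256 fingerprint of the decoded bytes, so the file sent to Panorama can be compared with the copy that imported cleanly on the firewalls. `check_pem` and the sample data are hypothetical names and constructed values; what Panorama's importer actually checks is not stated in the thread.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

# Constructed sample: a tiny ASN.1 SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")


def check_pem(data: bytes) -> dict:
    """Inspect the raw bytes of a certificate file before uploading it."""
    findings, digest = [], None
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        # UTF-16 interleaves NUL bytes, so the ASCII header can never match.
        findings.append("file is UTF-16 encoded")
    elif data[:2] == b"\x30\x82":
        findings.append("file is binary DER, not PEM")
    else:
        if data.startswith(b"\xef\xbb\xbf"):
            findings.append("UTF-8 byte order mark before the header")
            data = data[3:]
        if data != data.lstrip():
            findings.append("whitespace before the header")
            data = data.lstrip()
        match = PEM_RE.match(data)
        if match is None:
            findings.append("no BEGIN/END CERTIFICATE block at start of file")
        else:
            body = re.sub(rb"\s+", b"", match.group(1))  # drop LF and CRLF
            try:
                der = base64.b64decode(body, validate=True)
            except ValueError:
                findings.append("body is not valid base64")
            else:
                if der[:1] == b"\x30":
                    # Fingerprint of the DER bytes, independent of line endings.
                    digest = hashlib.sha256(der).hexdigest()
                else:
                    findings.append("body is not an ASN.1 SEQUENCE")
    return {"ok": not findings, "findings": findings, "sha256": digest}


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(check_pem(fh.read()))
```

If the file passes here and the fingerprint matches the copy already on the firewalls, the file itself is ruled out as the cause of the import error.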
