This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Install Device Certificate for LogCollector CLI

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Install Device Certificate for LogCollector CLI

omarbatis
L0 Member

‎09-22-2021 02:38 AM

Hello everyone,

I upgraded a Pan log collector to Software version 9.1.11 . Recently I receive the event "No valid device certificate found" . So I need to generate OTP certificate and install it . This can be done easily through GUI. However, with LogCollecor , Web UI is disabled and CLI is the only way to access the device .

Can anyone guide on how to install the OTP certificate on Pan LC through CLI ?

5 REPLIES 5

PavelK
Cyber Elite
Cyber Elite

‎09-22-2021 03:15 AM

Thank you for posting question @omarbatis

 

I had the same issue and could not find any way to do it by CLI. I ended up opening a ticket to TAC. Unfortunately, the answer was it is not possible to provision a device certificate for log collector. Unless they came up with a new feature in future releases to do it, you will have to ignore warning about missing certificate.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

MajesticSteel
L2 Linker

‎01-05-2022 08:03 AM

PAN-OS 9.1.11

Panorama appliances in Log Collector mode only - The following CLI command was added to disable
No valid device certificate found messages in the system log:

debug skip-cert-renewal-check-syslog yes
0 Likes Likes

PavelK
Cyber Elite
Cyber Elite

‎01-07-2022 03:08 PM

Thank you for the post @MajesticSteel and great catch!

 

I based my reply on experience with PAN-OS earlier than 9.1.11 and did not realized this has been fixed: PAN-157089, however I tried to issue this in M-500 as well we M-600 running 9.1.12-h3, but this command is not available. I have opened a TAC case again, but there was no update since 3 days. Did you manage to resolve this issue?

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

MajesticSteel
L2 Linker
In response to PavelK

‎01-10-2022 05:09 AM

I did not have the issue. Just happened to notice the post and a possible fix so I shared it.

0 Likes Likes

PavelK
Cyber Elite
Cyber Elite

‎04-20-2022 05:24 AM

Sorry for not getting back to you earlier. Yesterday after approximately 3 month, I got a reply from TAC. This debug command is not available for log collector, but will be added in the future release. Timeline for this is not defined yet. For now, there is no way to suppress this system log and they will update it as known issue.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
  • 4452 Views
  • 5 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks