I upgraded a Pan log collector to Software version 9.1.11 . Recently I receive the event "No valid device certificate found" . So I need to generate OTP certificate and install it . This can be done easily through GUI. However, with LogCollecor , Web UI is disabled and CLI is the only way to access the device .
Can anyone guide on how to install the OTP certificate on Pan LC through CLI ?
Thank you for posting question @omarbatis
I had the same issue and could not find any way to do it by CLI. I ended up opening a ticket to TAC. Unfortunately, the answer was it is not possible to provision a device certificate for log collector. Unless they came up with a new feature in future releases to do it, you will have to ignore warning about missing certificate.
Thank you for the post @MajesticSteel and great catch!
I based my reply on experience with PAN-OS earlier than 9.1.11 and did not realized this has been fixed: PAN-157089, however I tried to issue this in M-500 as well we M-600 running 9.1.12-h3, but this command is not available. I have opened a TAC case again, but there was no update since 3 days. Did you manage to resolve this issue?
Sorry for not getting back to you earlier. Yesterday after approximately 3 month, I got a reply from TAC. This debug command is not available for log collector, but will be added in the future release. Timeline for this is not defined yet. For now, there is no way to suppress this system log and they will update it as known issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!