Palo Alto Machine Certificate Report for Cert-based VPN Authentication

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Palo Alto Machine Certificate Report for Cert-based VPN Authentication

L0 Member

I am looking to enable Certificate-Based VPN Authentication within our network infrastructure. Prior to implementing this feature, I would like to to run a Palo report to identify endpoints recognized by Palo Alto that possess machine certificates issued by two specific CA Intermediate certificates, which we will be keying off of for the future Certificate-Based VPN Authentication..


I have a Certificate Profile and I am collected HIP data in my GlobalProtect Portal config.

Despite my efforts to create a custom report using HIP Objects, HIP Checks, and Certificate Profiles, the generated report consistently appears empty. Upon inspecting the GlobalProtect agent on my machine, I observed that the Host Information Profile section remains unpopulated under the "certificates" category.

I contacted Palo Alto support for assistance, and after a Zoom call and some back and forth in the support case, they said "On Palo Alto firewall there's no such option as of now to generate any such report."

Is this true? Is there another way I could obtain certificate information/report from Palo Alto specifically? I have other means via other tooling to pull a certificate report, but I want to pull the report from Palo specifically to make sure that the Palo is recognizing the certificates correctly.


Thank you!

  • 0 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!