Panorama Distributed Certs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama Distributed Certs

L4 Transporter

Am I going mad, or can anyone else not actually use certificates imported in Panorama and then distributed to end devices?

Once I have pushed these to PA's I cannot seem to apply them to 'functions' via the GUI or the CLI.

Using the same certificate uploaded directly to the PA, everything is fine.

I'm on PAN-OS 4.1.4.

Rgds

1 accepted solution

Accepted Solutions

L4 Transporter

The Panorama pushed certs can be used but you must us the CLI for configuring as a forward un/trust cert.

admin@PA-2020# set vsys vsys2 ssl-decrypt

+ forward-trust-certificate     CA certificate for trusted sites

+ forward-untrust-certificate   CA certificate for untrusted sites

Is this where you were trying to use the cert?

View solution in original post

3 REPLIES 3

L4 Transporter

The Panorama pushed certs can be used but you must us the CLI for configuring as a forward un/trust cert.

admin@PA-2020# set vsys vsys2 ssl-decrypt

+ forward-trust-certificate     CA certificate for trusted sites

+ forward-untrust-certificate   CA certificate for untrusted sites

Is this where you were trying to use the cert?

How come this cannot be done through Panorama?

The UI shows settings from two different places in the config in one location. A certificate is something that lives under a portion of the config which can be pushed from Panorama and the ssl decrypt settings lives in a place which currently does not support central management.

We are investigating the effort to support pushing these settings in a future release of Panorama.

  • 1 accepted solution
  • 2479 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!