- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-30-2012 11:34 AM
Am I going mad, or can anyone else not actually use certificates imported in Panorama and then distributed to end devices?
Once I have pushed these to PA's I cannot seem to apply them to 'functions' via the GUI or the CLI.
Using the same certificate uploaded directly to the PA, everything is fine.
I'm on PAN-OS 4.1.4.
Rgds
03-30-2012 12:44 PM
The Panorama pushed certs can be used but you must us the CLI for configuring as a forward un/trust cert.
admin@PA-2020# set vsys vsys2 ssl-decrypt
+ forward-trust-certificate CA certificate for trusted sites
+ forward-untrust-certificate CA certificate for untrusted sites
Is this where you were trying to use the cert?
03-30-2012 12:44 PM
The Panorama pushed certs can be used but you must us the CLI for configuring as a forward un/trust cert.
admin@PA-2020# set vsys vsys2 ssl-decrypt
+ forward-trust-certificate CA certificate for trusted sites
+ forward-untrust-certificate CA certificate for untrusted sites
Is this where you were trying to use the cert?
03-30-2012 12:53 PM
How come this cannot be done through Panorama?
03-30-2012 01:38 PM
The UI shows settings from two different places in the config in one location. A certificate is something that lives under a portion of the config which can be pushed from Panorama and the ssl decrypt settings lives in a place which currently does not support central management.
We are investigating the effort to support pushing these settings in a future release of Panorama.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!