Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
05-15-2024 07:42 AM
We would like to remove the device certificate from a couple of our firewalls. We don't use or need the device certificates at this time and would prefer them not be installed.
I tried to do a factory reset and the certificate automatically downloaded and installed itself.
05-16-2024 06:08 AM
Why would you not want it there? it's (only) used for secure communication with Palo Alto cloud services so won't be used if you have no cloud subscriptions
If you want to 'break' it, you could generate a new OTP via the support portal and then simply not import it onto your firewall (but again to my first line, why would you not want it there?)
05-16-2024 06:02 AM
Hello,
What are you needing to remove the device certificate entirely for? Its used for various communication with PAN services. If you would want to the device to not grab its device certificate you would need to block the connection to the CSP.
05-16-2024 06:08 AM
Why would you not want it there? it's (only) used for secure communication with Palo Alto cloud services so won't be used if you have no cloud subscriptions
If you want to 'break' it, you could generate a new OTP via the support portal and then simply not import it onto your firewall (but again to my first line, why would you not want it there?)
05-16-2024 08:49 AM
We do not have device certificates on any of our other devices. It was just odd that the cert seemed to auto-install on this firewall (a 5410 on 10.2.x). We don't use any of the cloud services and I didn't create a OTP through the support portal. It was requested by a senior member of our team to remove it. I'm guessing because we don't use any of the services.
I also noticed that the certificate auto installed on some new 440's that we are working on deploying.
I found out from our SE that I would need root access via TAC in order to try to remove it, and that doesn't guarantee it won't reinstall itself.
I plan on leaving it for now.
06-03-2024 06:44 AM
Can I ask a question related to this?
06-04-2024 01:21 AM
ofcourse!
06-13-2024 12:33 AM
@jwill2 wrote:
We would like to remove the device certificate from a couple of our firewalls. We don't use or need the device certificates at this time and would prefer them not be installed.
I tried to do a factory reset and the certificate automatically downloaded and installed itself.
To prevent automatic certificate installation after a factory reset, ensure to disconnect from any network during setup or configure network settings to avoid automatic downloads.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
