I ran into an issue with the decryption cert being provide by my PA it had expired.
it was 30 days in. I believe this is an issue with the date time comparision and timezones as it has fixed itself today.
How do i find / look at these temp certs via the cli
how can i delete / renew or purge them from the cli
request certificate renew certificate-name <value> days-till-expiry <1-7300>
request certificate revoke certificate-name <value>
show shared certificate-profile <name>
Show the expiration dates of all certs on the firewall:
set cli config-output-format set configure show shared certificate | match not-valid-after
In the CLI you can use this command to find other commands:
find command keyword <value>
Ups ... I (completely) misunderstood something here 😛
... in this case the possible commands you can find here: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-View-SSL-Decryption-Information-f...
With this command you can show at least some of the information that you asked for:
show system setting ssl-decrypt certificate-cache
And yes, a certificate managment isn't really possible with these dynamically created certs.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!