unable to change the web-gui certificate


ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

L3 Networker

unable to change the web-gui certificate

hi ,

recently i wanted to changed the web-gui certificate i followed the procedure on how to create a certificate in openssl ( for panos 4.x) the certificate created successfully. i event imported into the appliance but whenever i click on the checkbox Certificate for Secure Web GUI i receive the following error system -> web-server-certificate 'cert' is not a valid reference, do i have to upload the main CA cert before uploading the certificate i created ?...

appreciate the help.


L5 Sessionator

Hello Fahad,

You may want to ensure that they imported both keys. If you just imported the public key (certificate) it won't work. We need the private key to be able to be able to encrypt outbound data. Verify that the certificate you are importing is of the same key length/type and has the similar hash algorithm to the one generated by the firewall.

The certificate should be RSA 2048 with SHA1 hash.  The firewall generates certificates with usage as: Digital Signature, Key Encipherment, Key Agreement, Certificate Signing, Off-line CRL Signing, CRL Signing (ae)

Hope that helps!

Thanks and regards,

Kunal Adak

L3 Networker

You will need the root certificate.  You can export this from SSL, it will only be the public key but that is ok, import it into the Palo Alto and mark it as a trusted root ca.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!