Renew Global Protect Gateway & Portal Certificates

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Renew Global Protect Gateway & Portal Certificates

Hi All,




We are using certificate from external CA for Global Protect Portal and Gateway which is currently in production. 


It is expiring next week. What will be the best way to renew the certificate.


Thank & Regards

S Prasad






Cyber Elite
Cyber Elite

Hi @malayalamitlokam ,


It's easy.  Simply import the new certificate, and it will replace the existing one.  I would export the existing certificate and key just in case.  Since your existing configuration works, I would give the new certificate the same name so I don't have to change the configuration.


Depending on the CA, you should be able to get a new cert with the same private key.  In which case you would not need to import the private key.  This is a good doc for reference ->  One thing I don't like about the doc is that it says you should import the server (portal, gateway) cert with the private key.  This is not necessary if you generated the CSR and key from the Palo Alto or you are re-using the existing private key.





Help the community: Like helpful comments and mark solutions.
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!