- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-21-2021 09:07 PM
Hi All,
Greetings,
We are using certificate from external CA for Global Protect Portal and Gateway which is currently in production.
It is expiring next week. What will be the best way to renew the certificate.
Thank & Regards
S Prasad
12-22-2021 09:06 AM
Hi @malayalamitlokam ,
It's easy. Simply import the new certificate, and it will replace the existing one. I would export the existing certificate and key just in case. Since your existing configuration works, I would give the new certificate the same name so I don't have to change the configuration.
Depending on the CA, you should be able to get a new cert with the same private key. In which case you would not need to import the private key. This is a good doc for reference -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFoCAK. One thing I don't like about the doc is that it says you should import the server (portal, gateway) cert with the private key. This is not necessary if you generated the CSR and key from the Palo Alto or you are re-using the existing private key.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!