02-09-2026 11:06 PM
On a Palo Alto Networks PA-3410, I ran the following command:
request certificate fetch otp <otp_value>
But, the job is created but remains Pending (0%) and never completes, even after multiple retries.
Currently, the device certificate status is still none.
with the job status as follows:
2026/02/09 21:20:59 21:20:59 33870 Device-certificate-fetch ACT PEND 0%
2026/02/09 14:07:16 14:07:16 33780 Device-certificate-fetch ACT PEND 0%
2026/02/08 13:04:23 13:04:23 33477 Device-certificate-fetch ACT PEND 0%
2026/02/07 14:55:48 14:55:48 33208 Device-certificate-fetch ACT PEND 0%
2026/02/07 13:58:03 13:58:03 33193 Device-certificate-fetch ACT PEND 0%
2026/02/07 13:07:52 13:07:52 33180 Device-certificate-fetch ACT PEND 0%
Has anyone encountered this issue before?
What was the solution to successfully complete the device certificate fetch?
02-10-2026 11:56 AM
Hi @F.Harits ,
Open a TAC case. They will walk you through gaining root access (through challenge and response only available to TAC). They will run Python scripts to remove the invalid certificate and add a new one.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
