Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Device Certificate unable renew automatically

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Device Certificate unable renew automatically

L2 Linker

Hi All,

 

Previously, the firewall PAN-PA-1420 had "Failed to renew device certificate. Invalid request. Authentication failed" until the device certificate status became Expired. This triggered an alert because the firewall couldn't establish a connection with the cloud service.

 

However, the issue was resolved by manually renewing the device certificate using the command "request certificate fetch." and the device certificate is now valid.

 

According to the documentation, the firewall should automatically attempt to reinstall the device certificate 15 days before it expires. Restore an Expired Device Certificate (paloaltonetworks.com)

 

  1. What caused the firewall to be unable to automatically renew the device certificate before it expired?
  2. How often does the firewall try to renew the certificate in the 15 days before it expires?


Thank you.

3 REPLIES 3

L4 Transporter

Hello @Aniq_Razak - there are multiple reasons this process could fail, generally related to network connectivity issues.  What version of PAN-OS are you using on your PA-1420?

 

Iain Robertson
Senior Customer Success Engineer, NGFW, Palo Alto Networks

Hi @iarobertson - thank you for your response. Currently running PAN-OS 11.0.1-h2

L4 Transporter

Is your connection via a proxy, or direct to the internet, @Aniq_Razak ?

Iain Robertson
Senior Customer Success Engineer, NGFW, Palo Alto Networks
  • 1466 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!