How To use Certificate For Secure Web-GUI Access HA pair

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How To use Certificate For Secure Web-GUI Access HA pair

L3 Networker

Dear All,

referred below link for Secure Web-GUI access, successfully done with my primary firewall, how can i achieve this when i have firewall in HA?

 

How To use Certificate For Secure Web-GUI Access - Knowledge Base - Palo Alto Networks

 

I will be using a self-signed certificate. and will distribute and install that certificate to necessary management systems only.

 

regards,

 

1 accepted solution

Accepted Solutions

Hi @Doyenadmin ,

Check the following discussions where similar question was asked:

LIVEcommunity - Certificates duplicated from Primary to Secondary firewall in Palo alto - LIVEcommun...

Solved: LIVEcommunity - SSL certificate for passive firewall - LIVEcommunity - 475947 (paloaltonetwo...

 

TL;DR - certificate is not synchronized so you need to import it separately on both members. However you must use the same name (no cert CN, but name for the cert when importing it to the config). You can choose to use separate certificates with different CNs for each member, or single cert using SAN or wildcard.

View solution in original post

2 REPLIES 2

Hi @Doyenadmin ,

Check the following discussions where similar question was asked:

LIVEcommunity - Certificates duplicated from Primary to Secondary firewall in Palo alto - LIVEcommun...

Solved: LIVEcommunity - SSL certificate for passive firewall - LIVEcommunity - 475947 (paloaltonetwo...

 

TL;DR - certificate is not synchronized so you need to import it separately on both members. However you must use the same name (no cert CN, but name for the cert when importing it to the config). You can choose to use separate certificates with different CNs for each member, or single cert using SAN or wildcard.

L3 Networker

Thanks @aleksandar.astardzhiev for the inputs.

 

I'll try this out and update you on this.

 

  • 1 accepted solution
  • 1239 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!