04-13-2026 07:27 AM
Hi Team,
In reference to PAN-313623 describes an issue on Palo Alto Networks firewalls with Trusted Platform Module (TPM), support where device certificate renewals, may fail due to a disk partition becoming full .
This occurs because temporary .pub_pem files accumulate in the /opt/pancfg/mgmt/ssl/private/ directory and are not deleted during device certificate status checks, specifically when the show device-certificate status CLI command is executed .
The issue PAN-313623 has been addressed and fixed in various PAN-OS versions, including:
PAN-OS 11.1.6-h29
PAN-OS 11.1.10-h21
PAN-OS 11.1.13-h3
PAN-OS 11.2.7-h12
PAN-OS 11.2.10-h5
PAN-OS 11.2.11
For PAN-OS 12.1.x, PAN-313623 is still listed as a known issue in versions 12.1.3, 12.1.4, 12.1.5, and 12.1.6.
My client is at 12.1.6 and needs information about the fix version and when it will be available. As far as now is to reboot NGFW in orden to cleanup this directory and refetech device certificate again.
05-06-2026 06:42 PM
Hi @P.RuizLopez ,
At this time, I do not see a public 12.1.x fixed version listed for PAN-313623. Since the customer needs a fix version/ETA, I would recommend opening a TAC case.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
