Urgent action required: PAN-OS certificate expiration advisory

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Urgent action required: PAN-OS certificate expiration advisory

L0 Member

 

I recommend reviewing the customer advisory linked above in detail in order to understand the next steps and applicability. Essentially, the root and default certificate on PAN-OS will expire on December 31, 2023 - if not renewed before that date, this will result in firewalls and/or Panorama losing connectivity to our cloud services as well as between each other when data redistribution (User-ID, Tags, etc.) is configured, potentially causing an impact to network traffic.

 

All of our Palo Alto firewalls and Panorama running in software version - 10.2.5 , do we need to upgrade it or its already fixed.

 

13 REPLIES 13

Community Team Member

HI @kdamodaran ,

 

On 10.2.5 you are good to go. On 10.2.4 or greater, the PA root certificates are included. 

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

L0 Member

is this a bug ? we have some device some running on 10.2.5 and 10.2.4 . What action is required from our side inorder not to have any impact on production.

L0 Member

HI there, I've received the same message when logging in to our firewall. Current version is 10.1.3. I followed the link on the firewall which brought me here but it tells me i do not have access permissions to get to see how i remedy this issue. Can someone please help with this...Ill happily renew the certificate if Palo Alto will be so kind as to let us know how it is done!

Same here . shows access denied for me too.

If the firewall is running in version 10.1.3, I recommend upgrading to target version as per below snapshot. 

 

KDamodaran1_1-1700069858374.png

 

 

 

 

 

Karthikeyaon Da

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Karthikeyaon Da

L0 Member

My guess would be you have a 'free' account on the Live community instead of a customer/partner account? That page is only accessible if you have a support enabled account (access to support.paloaltonetworks.com)

Karthikeyaon Da

L1 Bithead

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Karthikeyaon Da

L0 Member

pan-os 9.1.11 Does the certificate expiration affect Communication between the firewall and Windows User-ID/Terminal Server Agents or firewalls?

L0 Member

same problem here, i cant see de link because i don't have "special priviledges"

dnsmaster

L0 Member

Essentially, as long as you are in one of the versions appearing in @KDamodaran1's table and install the content update 8776-8390 or later, you should be fine. Said content update pretty much carries the new certificate.

Thanks

dnsmaster
  • 14936 Views
  • 13 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!