This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Generate certificates in templates with cli

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Generate certificates in templates with cli

JGriessmeier
L1 Bithead

‎01-21-2022 12:35 AM

Hi everyone,

 

i know that i can generate certificates on the panorama itself with the command:

 

request certificate generate ca no signed-by myCA digest sha512 days-till-expiry 365 countrycode DE organization "My Org" hostname [ hostname hostname.mydomain ] name hostname.mydomain certificate-name myCert algorithm RSA rsa-nbits 4096

 

but as this is done in operational mode on the panorama, there is no way to select a template where the certificates should be generated.

 

We have to change our RootCA and so i have to generate new certificates for all our palos.

with cli this would be done in seconds

 

Thanks for your help

 

Panorama 

Panorama
Thumbnail of Panorama
Palo Alto Networks
Panorama
Network Security
View on Product Page
0 Likes Likes
3 REPLIES 3

PavelK
Cyber Elite
Cyber Elite

‎01-21-2022 01:51 AM

Thank you for the post @JGriessmeier

 

If you have a chance to do it from Panorama's GUI, then it can be done easily from Template that is bound to Template Stack of your Firewalls. Below is a sample:

 

PavelK_0-1642758218681.png

 

Regarding CLI, I had a quick look and this option is available:

 

set template [template name] config shared certificate "Cert Name"...

 

Under "set template [template name] config shared certificate "Cert Name", there are couple of options to specify details of certificate. Unfortunately, I have never tried to use CLI for this, so I can't provide further guidance.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

JGriessmeier
L1 Bithead
In response to PavelK

‎01-21-2022 02:07 AM

Hi Pavel,

 

thanks for your approach.

 

i have access and know how to do it by hand, but doing this for > 25 devices (different dns names in the certificate) is a matter of time.

generating the config for the cli in an editor and pushing it is way faster.

 

i also found the option for "set template" but you have to set the otherwise generated options by hand e.g. private and public key

so this won't work for me

 

Greetings

0 Likes Likes

grimdbd
L0 Member
In response to JGriessmeier

‎01-02-2024 10:02 AM

Did you ever find a solution for generating cert requests via the Pano CLI? It sure would be nice not to go through each device on the GUI.

0 Likes Likes
  • 3377 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks