i know that i can generate certificates on the panorama itself with the command:
request certificate generate ca no signed-by myCA digest sha512 days-till-expiry 365 countrycode DE organization "My Org" hostname [ hostname hostname.mydomain ] name hostname.mydomain certificate-name myCert algorithm RSA rsa-nbits 4096
but as this is done in operational mode on the panorama, there is no way to select a template where the certificates should be generated.
We have to change our RootCA and so i have to generate new certificates for all our palos.
with cli this would be done in seconds
Thanks for your help
Thank you for the post @JGriessmeier
If you have a chance to do it from Panorama's GUI, then it can be done easily from Template that is bound to Template Stack of your Firewalls. Below is a sample:
Regarding CLI, I had a quick look and this option is available:
set template [template name] config shared certificate "Cert Name"...
Under "set template [template name] config shared certificate "Cert Name", there are couple of options to specify details of certificate. Unfortunately, I have never tried to use CLI for this, so I can't provide further guidance.
thanks for your approach.
i have access and know how to do it by hand, but doing this for > 25 devices (different dns names in the certificate) is a matter of time.
generating the config for the cli in an editor and pushing it is way faster.
i also found the option for "set template" but you have to set the otherwise generated options by hand e.g. private and public key
so this won't work for me
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!