Generate certificates in templates with cli


L1 Bithead

Hi everyone,

I know that I can generate certificates on the Panorama itself with the command:

request certificate generate ca no signed-by myCA digest sha512 days-till-expiry 365 countrycode DE organization "My Org" hostname [ hostname hostname.mydomain ] name hostname.mydomain certificate-name myCert algorithm RSA rsa-nbits 4096

But as this is done in operational mode on the Panorama, there is no way to select a template where the certificates should be generated.

We have to change our RootCA and so I have to generate new certificates for all our Palos.

With CLI this would be done in seconds.

Thanks for your help


Cyber Elite

Thank you for the post @JGriessmeier

If you have a chance to do it from Panorama's GUI, then it can be done easily from the Template that is bound to the Template Stack of your Firewalls. Below is a sample:

[Image: PavelK_0-1642758218681.png]

Regarding CLI, I had a quick look and this option is available:

set template [template name] config shared certificate "Cert Name"...

Under "set template [template name] config shared certificate "Cert Name"", there are a couple of options to specify details of the certificate. Unfortunately, I have never tried to use CLI for this, so I can't provide further guidance.

Kind Regards

Pavel

Hi Pavel,

Thanks for your approach.

I have access and know how to do it by hand, but doing this for > 25 devices (different DNS names in the certificate) is a matter of time.

Generating the config for the CLI in an editor and pushing it is way faster.

I also found the option for "set template", but you have to set the otherwise generated options by hand, e.g. private and public key,

so this won't work for me.

Greetings

Did you ever find a solution for generating cert requests via the Pano CLI? It sure would be nice not to go through each device on the GUI.
