Okta SAML with Panorama - No Self-Signed Cert allowed now

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Okta SAML with Panorama - No Self-Signed Cert allowed now

L1 Bithead

I have a question about the Common Name used on the cert for Panorama SAML login with Okta. Palo is not allowing self-signed cert for SAML anymore and requires the cert to be signed by a 3rd part CA. I need help understanding what Common Name to use in the CSR, CA vendors require an external FQDN be used but this is for Panorama Admins and is not externally accessible. Link below to the CVE-2020-2021 bulletin from Okta/Palo Alto.


I have a ticket open with TAC, Okta, and DigiCert, but so far we haven't made any progress. Maybe someone here can shed light? Thanks in advance!!!



  • 0 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!