Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Who Me Too'd this topic

Warnings: External Dynamic List <list> is configured with no certificate profile.

L4 Transporter


External Dynamic List <list> is configured with no certificate profile.

Please select a certificate profile for performing server certificate validation.


Customer went from 7.1.x to now 8.0.x and is using a MineMeld link in the External Dynami List(EDL).  This link is to a https site. 

We followed this link:


After doing this, the warning was still there.

We had also done this:


So when we went to choose a certificate profle, there was not an option to choose one.




Because of this, we force the certificate profile via the CLI:

# set shared external-list Minemeld-Office-365-IP type ip certificate-profile <cert profile>


This resolved this issue.  Then MineMeld went to update the list and there was an Auth error and the list emptied.

description contains 'EDL server certificate authentication failed. The associated external dynamic list has been removed, which might impact your policy. EDL Name: Minemeld-Office-365-IP, EDL Source URL:, CN: norminemeld, Reason: SSL peer certificate or SSH remote key was not OK'



The customer then went back to Panorama and removed the cert profile.


We have also looked at this post:


Namely the second to the last comment by: PerTenggren

After further investigation it seems that EDL created as "shared" can't list any certificate profile, but it works if assigning the EDL to a specific device group.


Customer said that: All of our policies that reference the Minemeld external dynamic list are Shared (global) in nature and cannot see a local EDL.




Customer is wanting to not see this warning message after commits.


Who Me Too'd this topic