cancel
Showing results for 
Search instead for 
Did you mean: 

Who rated this post

For everyone that's interested in Let's Encrypt integration with PAN-OS:

 

Hi, my name is Garfield and I work here at Palo Alto Networks in the developer relations team.  I'm wanting to get a feel for the interest and expectations of a Let's Encrypt integration.  I'd very much appreciate anyone who's interested in a Let's Encrypt integration to respond to this thread with some information about their setup and expectations.

 

I'd like to separate this discussion into a few parts:  what integrations today are doing, what can be done to help that in the short term, and what the expectation for the end result could look like.

 

Today:  given that there is currently no native Let's Encrypt client on PAN-OS, people that are using Let's Encrypt certs on PAN-OS today are, to my knowledge, running a client on some (linux) host to renew the certs, then uploading the certs to their PAN-OS.

 

End-goal:  I assume that the desired end-result is that PAN-OS runs Let's Encrypt natively, doing cert renewal automatically behind the scenes.

 

So here's the questions I have:

 

1) If you're currently using Let's Encrypt certs with PAN-OS and your workflow does not look like the above, can you briefly describe it?

2) Is your desired end goal that PAN-OS runs Let's Encrypt natively?  If not, what is your desired end goal?

3) In between the end goal and now, would you want a stop-gap solution?

4) If you want a stop-gap solution, what form should it take?  A standalone executable / script?  Ansible module?  Terraform resource?  Tie-in to an existing Let's Encrypt client, such as certbot or acme.sh?

 

Thanks in advance for the feedback!

 

Who rated this post