Below are the steps to renew the GP certificate for Prisma Access in Strata Cloud Manager.
Note: This example uses Azure as the IdP.
- Make sure to delete the old certificate on the Azure SAML IdP side
- Then export the new SAML metadata XML file (which has only the new certificate) from the Azure IdP.
- In Strata Cloud Manager (SCM), navigate to Manage > Configurations > NGFW & Prisma Access > Identity Services > Authentication > Server Profiles > SAML. Open the existing SAML profile that you use and click "Import" under Identity Provider Certificate to import the new metadata XML file into the SCM console. Then save the SAML profile.
- After that, navigate to Objects > Certificate Management to verify and confirm that the Azure SAML IdP certificate is automatically renewed.
- Now do an 'all-admin' push to the Mobile Users template to ensure the update is propagated to the Prisma Access backend nodes.
(Note: An all-admin push is needed because the changes show as made by 'System', since the new SAML certificate is extracted from the recently imported XML file.)
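Before the import step, it is worth confirming that the exported metadata really contains only one certificate. The following is an added example, not part of the original procedure or any Palo Alto Networks or Microsoft tooling; the function names and the sample metadata (built from placeholder bytes, not real certificates) are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# XML-DSig element that carries a base64 certificate inside SAML metadata
DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"
NEW = b"constructed-new-cert-bytes"  # placeholder bytes, not a real certificate
OLD = b"constructed-old-cert-bytes"  # placeholder bytes, not a real certificate


def distinct_cert_fingerprints(metadata_xml):
    """Return SHA-256 fingerprints of the distinct certificates in the metadata."""
    fingerprints = []
    for node in ET.fromstring(metadata_xml).iter(DS_CERT):
        # Metadata often wraps the base64 text across lines; strip whitespace first
        der = base64.b64decode("".join((node.text or "").split()))
        fp = hashlib.sha256(der).hexdigest()
        if fp not in fingerprints:  # the same cert may appear in several elements
            fingerprints.append(fp)
    return fingerprints


def ready_to_import(metadata_xml):
    """True only when exactly one distinct certificate is present."""
    return len(distinct_cert_fingerprints(metadata_xml)) == 1


def sample_metadata(*cert_blobs):
    """Build constructed IdP metadata with one signing KeyDescriptor per blob."""
    keys = "".join(
        '<KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        + base64.b64encode(blob).decode()
        + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>"
        for blob in cert_blobs
    )
    return (
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
        'entityID="https://idp.example/constructed">'
        '<IDPSSODescriptor protocolSupportEnumeration='
        '"urn:oasis:names:tc:SAML:2.0:protocol">'
        + keys + "</IDPSSODescriptor></EntityDescriptor>"
    )


if __name__ == "__main__":
    for label, xml in (("old cert still present", sample_metadata(OLD, NEW)),
                       ("only new cert", sample_metadata(NEW, NEW))):
        print(label, ready_to_import(xml), distinct_cert_fingerprints(xml))
```

To check a real export, pass the contents of the downloaded metadata XML file to `ready_to_import`; a `False` result means more than one distinct certificate (or none) is in the file.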