Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
About Angelo
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About Angelo
09-02-2020
9Posts
0Likes
1Solution
Sep 02, 2020Last Visited
User
Activity
User
Profile
Latest posts by Angelo
| Subject | Views | Posted |
|---|---|---|
| 42325 | 08-17-2016 11:59 AM | |
| 6356 | 12-19-2013 07:23 PM | |
| 10302 | 12-19-2013 07:22 PM |
User Badges
Community Statistics
| Member Since | 11-06-2011 05:38 AM |
| Date Last Visited | 09-02-2020 10:45 AM |
| Posts | 15 |
08-17-2016
11:59 AM
2 Kudos
If you are using your Palo Alto Networks firewall as a trusted root CA, you can generate a web server certificate for MineMeld to replace the self-signed one.
Start Inside WebGUI
Steps:
Go to your Palo Alto Network Firewall or Panorama WebGUI
Device > Certificate Management > Certificate
At the bottom of the screen, click Generate, to create a new certificate. Ensure that it is signed by the firewall by clicking "Certificate Authority".
Export the pem file with the private key by clicking the certificate you want to export and clicking Export at the bottom of the screen. Then use "Base64 Encoded Certificate (PEM)" and also select "Export private key" and click OK.
Now to the CLI
Steps:
Now copy the cert to minemeld with the command:
> scp cert_minemeld.pem ubuntu@<minemeldIP>
Now, log into MineMeld via ssh with the command:
ssh ubuntu@<minemeldIP>
Now backup the current certificates in case you need to revert back to them if something goes wrong [minemeld ~]$ sudo mv /etc/nginx/minemeld.cer /etc/nginx/minemeld.cer-orig [minemeld ~]$ sudo mv /etc/nginx/minemeld.pem /etc/nginx/minemeld.pem-orig
The pem file that you generated will have both the private and public key so you need to split the two. This is how I did it, you may have a better way. The file is readable so you can copy and paste the sections into two different files or use the CLI commands: NOTE: Please note that there might be a error with sudoing the refers to missing entries in the /etc/hosts file, as the hostname is not automatically added to this file
[minemeld ~]$ cat cert_minemeld.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "minemeld" n ".cer"}' [minemeld ~]$ sudo cp minemeld.cer /etc/nginx/minemeld.cer [minemeld ~]$ sudo openssl rsa -in minemeld1.cer -out -out /etc/nginx/minemeld.pem [minemeld ~]$ sudo service nginx restart
Now restart the browser session and you should not receive an untrusted error, if the root CA that signed the certificate is installed correctly on your machine.
... View more
- Find more articles tagged with:
- cert
- certificate
- generate
- https
- minemeld
12-19-2013
07:23 PM
Hi - did you try disabling "Skip Auth on IKE Rekey" under the Gateway --> Client Configuration --> Tunnel Settings
... View more
12-19-2013
07:22 PM
Hi - did you try disabling "Skip Auth on IKE Rekey" under the Gateway --> Client Configuration --> Tunnel Settings
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-02-2020
10:45 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
