01-11-2025 02:19 AM
Hello,
I am working with an IPsec VPN setup on my Palo Alto Networks firewall and am currently using certificate-based authentication. My organization utilizes an internal Certificate Authority (CA) that supports ACME (Automatic Certificate Management Environment) for certificate enrollment. However, I haven't been able to find any resources or forums indicating whether Pan-OS supports ACME for automated certificate management.
Is there a way to configure Pan-OS to integrate with an ACME server for certificate enrollment? Any guidance or documentation would be greatly appreciated!
Thank you!
01-15-2025 08:06 PM
Hi @melissa59zebrowski ,
PAN-OS does not natively support ACME. You will have to leverage SCEP for auto cert enrollment.
07-02-2025 10:45 PM
This really needs to change. ACME is a standard protocol and automation is going to become critical as certificate length gradually decreases down to 47 days maximum in 2029. This is a security feature, I would like to think Palo Alto would be ahead of the curve on this one, not playing catch up...
Certificate expiry will be down to 6 months as of March next year 2026.
Please, help us.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
