Generate a Device Certificate
Focus
Focus
AI Runtime Security

Generate a Device Certificate

Table of Contents

Generate a Device Certificate

Learn how to generate a device certificate that enables secure communication with PAN licensing servers.
Where Can I Use This?What Do I Need?
  • Palo Alto Networks Customer Support Portal
The AI Runtime Security instance (firewall) requires a device certificate to retrieve the site license entitlements and securely access AI Runtime Security and Cloud-Delivered Security Services. Each PIN is generated on the Customer Support Portal and is unique to your Palo Alto Networks support account.
To retrieve the site licenses when you launch the AI Runtime Security instance, you must include the auto registration PIN ID and value in the deployment.
To successfully install the device certificate, the AI Runtime Security instance requires an outbound internet connection, and the following fully qualified domain names (FQDN) and ports must be allowed on your network.
FQDN
Ports
  • http://ocsp.paloaltonetworks.com
  • http://crl.paloaltonetworks.com
  • http://ocsp.godaddy.com
TCP 80
  • https://api.paloaltonetworks.com
  • http://apitrusted.paloaltonetworks.com
  • https://certificatetrusted.paloaltonetworks.com
  • https://certificate.paloaltonetworks.com
TCP 443
  • *.gpcloudservice.com
TCP 444 and TCP 443
The Registration PIN allows you to apply a site license to your AI Runtime Security instance at initial startup. The auto registration PIN enables you to automatically register your usage-based firewalls at launch with the Customer Support Portal and retrieve site licenses. Use your Registration PIN before it expires. If you don't, you must return to the Customer Support Portal to generate a new one.
The Registration PIN ID and value are required to complete the deployment procedure. Keep the PIN ID and value on hand for later use.
  1. Log in to the Palo Alto Networks Customer Support Portal with your account credentials.
  2. Generate the Registration PIN.
    1. Select Products Device Certificates Generate Registration PIN.
    2. Enter a Description.
    3. Select a PIN Expiration time-period from the drop-down.
    4. Click Generate Registration PIN.
    5. Save the PIN ID and value.
      Make sure to use the PIN ID and value before it expires.