AI Runtime Security
Generate a Device Certificate
Table of Contents
Generate a Device Certificate
Learn how to generate a device certificate that enables secure communication with PAN
licensing servers.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
The AI Runtime Security: Network intercept requires a device certificate to
retrieve the site license entitlements and securely access AI Runtime Security and Cloud-Delivered Security Services. Each PIN
is generated on the Customer Support Portal and is unique to your Palo Alto
Networks support account.
To retrieve the site licenses when you launch the AI Runtime Security instance, you
must include the auto registration PIN ID and value in the deployment.
To successfully install the device certificate, the AI Runtime Security instance
requires an outbound internet connection, and the following fully qualified domain
names (FQDN) and ports must be allowed on your network.
|
FQDN
|
Ports
|
|---|---|
|
TCP 80
|
|
TCP 443
|
|
TCP 444 and TCP 443
|
The Registration PIN allows you to apply a site license to your AI Runtime
Security: Network intercept at initial startup. The auto registration PIN enables
you to automatically register your usage-based firewalls at launch with the Customer
Support Portal and retrieve site licenses. Use your Registration PIN before it
expires. If you don't, you must return to the Customer Support Portal to generate a
new one.
The Registration PIN ID and value are required to complete the deployment procedure.
Keep the PIN ID and value on hand for later use.
- Log in to the Palo Alto Networks Customer Support Portal with your account credentials.Generate the Registration PIN.
- Select .Enter a Description.Select a PIN Expiration time-period from the drop-down.Click Generate Registration PIN.Save the PIN ID and value.Make sure to use the PIN ID and value before it expires.
