Add a Certificate to Cloud NGFW for AWS
Cloud NGFW uses certificates to access an
intelligent feed and to enable inbound and outbound decryption.
These certificates are stored in the AWS Secrets Manager. The
when adding certificate to the AWS Secrets Manager for use with
Cloud NGFW, the following prerequisites must be met.
- Certificate added as a key/value pair, with two keys—private-keyandpublic-key. For the private key, the value should be the actual key and, for the public-key, the value should be the actual certificate body.
- A tag with the keyPaloAltoCloudNGFWand value oftrue.
Complete the
following procedure to add a certificate for use with Cloud NGFW
for AWS.
- Add your certificate to the AWS Secrets Manager.
- Log in to the AWS console, navigate to the AWS Secrets Manager, and clickStore a new secret.
- SelectOther type of secret.
- UnderKey/value pairs, create a key calledprivate-keyand another calledpublic-key.
- Paste your entire private key and entire public key in the corresponding field.
- ClickNext.
- Enter a descriptiveSecret Name.
- Add a tag with the KeyPaloAltoCloudNGFWand Valuetrue.
- ClickNext,Nextagain, andStoreto finishing adding your certificate.
- SelectRulestacksand select a previously-created rulestack on which to configure a custom URL category.
- Select .
- Enter a descriptiveNamefor your certificate.
- (optional) Enter a description for your certificate.
- Enter theCertificate ARNfrom the AWS Secrets Manager.
- If the certificate is self-signed, checkSelf Signed Certificate.Inbound decryption does not support self-signed certificates.
- ClickSave.
