Add a Certificate to Cloud NGFW for Azure

Cloud NGFW uses certificates to enable outbound decryption. These certificates are stored in the Azure Key Vault.
Only self-signed and root CA signed certificates are currently supported for decryption. Chained certificates are not supported.
PAN-OS version 11.0.x is required when using Azure Key Vault for outbound decryption.
  1. Click the Local Rulestacks icon from the homepage and select a previously created rulestack on which you wish to create a certificate.
  2. Click Certificates on the left pane and click Add. The Add Certificate List pane opens.
  3. Enter a descriptive Name for your certificate.
  4. (Optional) Enter a description for your certificate.
  5. If the certificate is self-signed, check Self Signed Certificate.
  6. If the certificate isn't self-signed, obtain the Certificate URI by navigating to Azure Key Vault > Certificates, then copy the Secret Identifier URI and paste it into Certificate URI.
  7. (Optional) In the Certificate source field, choose the respective option: Select from Key vault or Paste URI.
  8. Click Add.
  9. Create a managed identity in the same resource group as the key vault. See Create a user-assigned managed identity.
  10. Navigate to Azure Key Vault > Access Policies.
  11. Click Create to configure an access policy that assigns Key Vault Certificates Officer and Key Vault Secrets User to the managed identity created in step 9.
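
A pre-flight check for step 6 and for the chained-certificate restriction, as an added example (not Palo Alto Networks code). It confirms that a pasted value is a Key Vault Secret Identifier rather than the Certificate or Key Identifier, and that an exported PEM holds a single certificate. The vault name, object name, version and the public-cloud DNS suffix are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: Azure public cloud; sovereign clouds use other DNS suffixes.
VAULT_SUFFIX = ".vault.azure.net"
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def check_certificate_uri(uri):
    """Return (ok, reason) for a value meant for the Certificate URI field."""
    parts = urlsplit(uri.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        return False, "scheme must be https"
    if parts.netloc.lower() != host or parts.query or parts.fragment:
        return False, "unexpected userinfo, port, query or fragment"
    if not host.endswith(VAULT_SUFFIX) or len(host) == len(VAULT_SUFFIX):
        return False, "host is not a Key Vault endpoint"
    segs = [s for s in parts.path.split("/") if s]
    if len(segs) not in (2, 3):
        return False, "path must be /<type>/<name>[/<version>]"
    if segs[0] != "secrets":
        # /certificates/ and /keys/ are the portal's Certificate Identifier
        # and Key Identifier; step 6 asks for the Secret Identifier.
        return False, f"'{segs[0]}' identifier, not a Secret Identifier"
    return True, "Secret Identifier for '%s'" % segs[1]


def check_not_chained(pem_text):
    """Return (ok, reason); more than one PEM certificate means a chain."""
    count = len(PEM_CERT.findall(pem_text))
    if count == 0:
        return False, "no PEM certificate found"
    if count > 1:
        return False, f"{count} certificates found; chains are not supported"
    return True, "single certificate"


if __name__ == "__main__":
    # Constructed samples: vault name, object name and version are made up.
    base = "https://example-vault.vault.azure.net"
    for uri in (base + "/secrets/decrypt-ca/0123456789abcdef0123456789abcdef",
                base + "/certificates/decrypt-ca/0123456789abcdef0123456789abcdef",
                "https://example-vault.vault.azure.net@198.51.100.7/secrets/x"):
        print(uri, "->", check_certificate_uri(uri))
    block = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    print(check_not_chained(block), check_not_chained(block * 2))
```

The PEM check only counts certificate blocks; it does not verify that the certificate is self-signed or issued directly by a root CA.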