Cloud NGFW for Azure
  • Cloud NGFW for Azure
  • All Documentation
Cloud NGFW for Azure
: Add a Certificate to Cloud NGFW for Azure
Focus
Download PDF
Focus
  1. Home
  2. Azure
  3. Cloud NGFW for Azure
  4. Cloud NGFW Native Policy Management Using Rulestacks
  5. Add a Certificate to Cloud NGFW for Azure
Download PDF

Cloud NGFW for Azure

Add a Certificate to Cloud NGFW for Azure

Table of Contents
Cloud NGFW uses certificates to enable outbound decryption. These certificates are stored in the Azure Key Vault.
Only self-signed and root CA signed certificates are currently supported for decryption. Chained certificates are not supported.
PAN-OS version 11.0.x is required when using Azure Key Vault for outbound decryption.
  1. Click the Local Rulestacks icon from the homepage and select a previously created rulestack on which you wish to create a certificate.
  2. Click Certificates on the left pane and click Add. The Add Certificate List pane opens.
  3. Enter a descriptive Name for your certificate.
  4. ( optional) Enter a description for your certificate.
  5. If the certificate is self-signed, check Self Signed Certificate.
  6. If the certificate isn't self-signed, then obtain Certificate URI by navigating to Azure key vaultCertificates and copy-paste the Secret Identifier URI in Certificate URI.
  7. ( optional) In the Certificate source field, choose the respective option: Select from Key vault or Paste URI.
  8. Click Add.
  9. Create a managed identity in the same resource group as the key vault. See, Create a user-assigned managed identity.
  10. Navigate to Azure Key Vault> Access Policies.
  11. Click Create to configure an access policy that assigns Key Vault Certificates Officer and Key Vault Secrets User to the managed identity created in step 9.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.