>
    Strata Copilot
    Generate a Device Certificate for Prisma AIRS AI Runtime: Network Intercept
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma AIRS
    3. Activation & Onboarding
    4. Prisma AIRS Licenses
    5. Generate a Device Certificate for Prisma AIRS AI Runtime: Network Intercept
    Download PDF
    Prisma AIRS

    Generate a Device Certificate for Prisma AIRS AI Runtime: Network Intercept

    Table of Contents

    Generate a Device Certificate for Prisma AIRS AI Runtime: Network Intercept

    Learn how to generate a device certificate that enables secure communication with Palo Alto Networks licensing servers.
    Where Can I Use This?What Do I Need?
    • Palo Alto Networks Customer Support Portal
    • Prisma AIRS Licenses
    • An outbound internet connection from the Prisma AIRS deployment
    • Access to specific FQDNs and ports for certificate retrieval
    Before you can deploy Prisma AIRS AI Runtime: Network intercept, you must generate a device certificate using a Registration PIN. This certificate is required to retrieve your site license entitlements and to securely connect to Prisma AIRS and other Cloud-Delivered Security Services (CDSS).
    • The device certificate ensures secure identity and license validation for the Prisma AIRS deployment.
    • The Registration PIN is unique to your Customer Support account and allows the system to auto-register and fetch licenses at launch.
    To retrieve the site licenses when you launch the Prisma AIRS AI Runtime: Network intercept, include the auto registration PIN ID and value in the deployment.
    Network Requirements:
    To allow the Prisma AIRS AI Runtime: Network intercept instance to retrieve the device certificate, ensure your network allows outbound traffic to the following:
    FQDN
    Ports
    • http://ocsp.paloaltonetworks.com
    • http://crl.paloaltonetworks.com
    • http://ocsp.godaddy.com
    TCP 80
    • https://api.paloaltonetworks.com
    • http://apitrusted.paloaltonetworks.com
    • https://certificatetrusted.paloaltonetworks.com
    • https://certificate.paloaltonetworks.com
    TCP 443
    • *.gpcloudservice.com
    TCP 444 and TCP 443
    The Registration PIN allows you to apply a site license to your Prisma AIRS AI Runtime: Network intercept at initial startup. The auto registration PIN enables you to automatically register your usage-based firewalls at launch with the Customer Support Portal and retrieve site licenses. Use your Registration PIN before it expires. If you don't, you must return to the Customer Support Portal to generate a new one.
    You’ll use the Registration PIN ID and value during the Prisma AIRS deployment to auto-register the instance and retrieve the site license. Keep them available and protected until deployment is complete.
    1. Log in to the Palo Alto Networks Customer Support Portal with your account credentials.
    2. Generate the Registration PIN.
      1. Navigate to Products Device Certificates Generate Registration PIN.
      2. Enter a Description.
      3. Select a PIN Expiration time-period from the drop-down.
      4. Click Generate Registration PIN.
      5. Save the PIN ID and value.
        Ensure to use the PIN ID and value before it expires.

    © 2025 Palo Alto Networks, Inc. All rights reserved.