Add a Certificate to Cloud NGFW for Azure

Learn how to add a certificate to Cloud NGFW for Azure.
Where Can I Use This?
  • Cloud NGFW for Azure
What Do I Need?
  • Cloud NGFW subscription
  • Palo Alto Networks Customer Support Portal account
  • Azure Marketplace subscription
Cloud NGFW uses certificates to enable outbound decryption. These certificates are stored in the Azure Key Vault.
Only self-signed and root CA-signed certificates are currently supported for decryption. Chained certificates are not supported.
Before you add a certificate, familiarize yourself with how rulestacks work.
  1. Click the Local Rulestacks icon from the homepage and select a previously created rulestack on which you wish to create a certificate.
  2. Click Certificates on the left pane and click Add. The Add Certificate List pane opens.
  3. Enter a descriptive Name for your certificate.
  4. (Optional) Enter a description for your certificate.
  5. If the certificate is self-signed, check Self-Signed Certificate.
  6. If the certificate isn't self-signed, obtain the Certificate URI: navigate to Azure Key Vault > Certificates, copy the Secret Identifier URI, and paste it into Certificate URI.
  7. (Optional) In the Certificate source field, choose the respective option: Select from Key vault or Paste URI.
  8. Click Add.
  9. Create a managed identity in the same resource group as the Key Vault. See Create a user-assigned managed identity.
  10. Navigate to Azure Key Vault > Access Policies.
  11. Click Create to configure an access policy that assigns Key Vault Certificates Officer and Key Vault Secrets User to the managed identity created in step 9.
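
The Azure side of this procedure (steps 6 and 9 to 11) scripted with the Azure CLI, as an added example that is not from the original page or from Palo Alto Networks. The resource names passed as arguments are placeholders, and it assumes a public-cloud vault (*.vault.azure.net) that uses the Azure RBAC permission model, under which the two names in step 11 are built-in roles.

```shell
#!/bin/sh
# Added example, not vendor code. Resource names are caller-supplied placeholders.
# Assumes: Azure CLI (az) is logged in; the vault is in the public cloud
# (*.vault.azure.net) and uses the Azure RBAC permission model.

# Succeeds only for https://<vault>.vault.azure.net/secrets/<name>[/<version>].
# A Certificate Identifier (/certificates/) or Key Identifier (/keys/) fails.
is_secret_identifier() {
  _rest=${1#https://}
  [ "$_rest" != "$1" ] || return 1            # scheme must be https
  _host=${_rest%%/*}
  _path=${_rest#"$_host"}
  _vault=${_host%.vault.azure.net}
  [ "$_vault" != "$_host" ] || return 1       # host must end in .vault.azure.net
  case "$_vault" in ""|*[!A-Za-z0-9-]*) return 1 ;; esac
  case "$_path" in /secrets/?*) ;; *) return 1 ;; esac
  _obj=${_path#/secrets/}                     # <name> or <name>/<version>
  case "$_obj" in /*|*/|*/*/*|*[!A-Za-z0-9/-]*) return 1 ;; esac
  return 0
}

# Step 6: read the certificate's Secret Identifier ("sid") from Key Vault.
get_secret_identifier() {                     # $1 = vault, $2 = certificate name
  az keyvault certificate show --vault-name "$1" --name "$2" --query sid -o tsv
}

# Steps 9-11: create the identity in the vault's resource group, then grant it
# the two roles named in step 11, scoped to that one vault.
grant_vault_access() {                        # $1 = group, $2 = vault, $3 = identity
  _pid=$(az identity create -g "$1" -n "$3" --query principalId -o tsv) || return 1
  _scope=$(az keyvault show -g "$1" -n "$2" --query id -o tsv) || return 1
  [ -n "$_pid" ] && [ -n "$_scope" ] || return 1
  for _role in "Key Vault Certificates Officer" "Key Vault Secrets User"; do
    az role assignment create --assignee-object-id "$_pid" \
      --assignee-principal-type ServicePrincipal \
      --role "$_role" --scope "$_scope" >/dev/null || return 1
  done
}

# Usage: sh script.sh <resource-group> <vault> <certificate-name> <identity-name>
if [ "$#" -eq 4 ]; then
  sid=$(get_secret_identifier "$2" "$3") || exit 1
  is_secret_identifier "$sid" || { echo "not a Secret Identifier: $sid" >&2; exit 1; }
  grant_vault_access "$1" "$2" "$4" || exit 1
  echo "Paste into Certificate URI: $sid"
fi
```

Scoping both role assignments to the single vault, rather than to the resource group or subscription, keeps the managed identity's access limited to the vault that holds the decryption certificate.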