Add a Certificate to Cloud NGFW for Azure

Cloud NGFW uses certificates to enable outbound decryption. These certificates are stored in the Azure Key Vault.
Only self-signed and root CA signed certificates are currently supported for decryption. Chained certificates are not supported.
PAN-OS version 11.0.x is required when using Azure Key Vault for outbound decryption.
  1. Click the Local Rulestacks icon from the homepage and select a previously created rulestack on which you wish to create a certificate.
  2. Click Certificates on the left pane and click Add. The Add Certificate List pane opens.
  3. Enter a descriptive Name for your certificate.
  4. (Optional) Enter a description for your certificate.
  5. If the certificate is self-signed, check Self Signed Certificate.
  6. If the certificate isn't self-signed, obtain the Certificate URI by navigating to Azure key vault > Certificates, then copy and paste the Secret Identifier URI into Certificate URI.
  7. (Optional) In the Certificate source field, choose the respective option: Select from Key vault or Paste URI.
  8. Click Add.
  9. Create a managed identity in the same resource group as the key vault. See Create a user-assigned managed identity.
  10. Navigate to Azure Key Vault > Access Policies.
  11. Click Create to configure an access policy that assigns Key Vault Certificates Officer and Key Vault Secrets User to the managed identity created in step 9.
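A pre-flight check for the value pasted into Certificate URI in step 6, as an added example that is not part of the original documentation. The host, object-name and version patterns are assumptions based on the public Azure Key Vault URI layout, and the sample URIs are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed formats for the public Azure cloud; the page does not state them.
HOST_RE = re.compile(r"^[a-z][a-z0-9-]{1,22}[a-z0-9]\.vault\.azure\.net$")
NAME_RE = re.compile(r"^[0-9A-Za-z-]{1,127}$")
VERSION_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample values (hypothetical vault and certificate names).
GOOD_URI = "https://contoso-kv.vault.azure.net/secrets/decrypt-root-ca/0123456789abcdef0123456789abcdef"
WRONG_ID = "https://contoso-kv.vault.azure.net/certificates/decrypt-root-ca/0123456789abcdef0123456789abcdef"


def check_certificate_uri(uri):
    """Return a list of problems with a pasted Certificate URI (empty list = OK)."""
    try:
        parts = urlsplit(uri.strip())
        host = parts.hostname or ""
    except ValueError:
        return ["not a parseable URL"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.username or parts.password or parts.query or parts.fragment:
        problems.append("unexpected userinfo, query or fragment")
    # Anchored match rejects lookalikes such as vault.azure.net.example.org.
    if not HOST_RE.match(host):
        problems.append(f"host {host!r} is not a Key Vault endpoint")
    segments = [s for s in parts.path.split("/") if s]
    kind = segments[0] if segments else ""
    # A Key Vault certificate exposes certificate, key and secret identifiers;
    # step 6 asks for the Secret Identifier specifically.
    if kind in ("certificates", "keys"):
        problems.append(f"this is the {kind[:-1]} identifier; paste the Secret Identifier")
    elif kind != "secrets":
        problems.append("path must start with /secrets/")
    if not 2 <= len(segments) <= 3:
        problems.append("expected /secrets/<name>[/<version>]")
    else:
        if not NAME_RE.match(segments[1]):
            problems.append("invalid object name")
        if len(segments) == 3 and not VERSION_RE.match(segments[2]):
            problems.append("version is not 32 hex characters")
    return problems


if __name__ == "__main__":
    for sample in (GOOD_URI, WRONG_ID):
        print(sample, "->", check_certificate_uri(sample) or "OK")
```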
