Add a Certificate to Cloud NGFW for Azure
Table of Contents
Expand all | Collapse all
-
- Cloud NGFW for Azure
- Cloud NGFW Components
- Cloud NGFW for Azure Supported Regions
- Cloud NGFW for Azure Limits and Quotas
- Cloud NGFW for Azure Pricing
- Cloud NGFW for Azure Free Trial
- Cloud NGFW Credit Distribution and Management
- Start with Cloud NGFW for Azure
- Manage Cloud NGFW Roles for Azure Users
- Integrate Single Sign-on
- Monitor Cloud NGFW Health
- Create a Support Case
- Register Your Cloud NGFW Tenant with a Palo Alto Networks Support Account
- Cloud NGFW for Azure Certifications
- Cloud NGFW For Azure Privacy and Data Protection
-
- About Rulestacks and Rules on Cloud NGFW for Azure
- Create a Rulestack on Cloud NGFW for Azure
- Cloud NGFW for Azure Security Rule Objects
- Create a Prefix List on Cloud NGFW for Azure
- Create an FQDN List for Cloud NGFW on Azure
- Add a Certificate to Cloud NGFW for Azure
- Create Security Rules on Cloud NGFW for Azure
- Cloud NGFW for Azure Security Services
- Enable DNS Security on Cloud NGFW for Azure
- Set Up Outbound Decryption on Cloud NGFW for Azure
- Set Up Inbound Decryption on Cloud NGFW for Azure
-
- Panorama Integration
- Panorama Integration Prerequisites
- Link the Cloud NGFW to Palo Alto Networks Management
- Use Panorama for Cloud NGFW Policy Management
- Enable User-ID on the Cloud NGFW for Azure
- Configure Service Routes for On-Prem Services
- Use XFF IP Address Values in Policy
- View Cloud NGFW Logs and Activity in Panorama
- Strata Cloud Manager Policy Management
-
- Configure Logging for Cloud NGFW on Azure
- Cloud NGFW for Azure Traffic Log Fields
- Cloud NGFW for Azure Threat Log Fields
- Cloud NGFW for Azure Decryption Log Fields
- Enable Log Settings
- Disable Log Settings
- Enable Activity Logging on Cloud NGFW for Azure
- Multiple Logging Destinations on Cloud NGFW for Azure
- View the Logs
- View Audit Logs on a Firewall Resource
- View Audit Logs on Resource Groups
- What's New
- Cloud NGFW for Azure Known Issues
- Cloud NGFW for Azure Addressed Issues
Add a Certificate to Cloud NGFW for Azure
Cloud NGFW uses certificates to enable outbound decryption. These certificates are stored in the
Azure Key Vault.
Only self-signed and root CA signed certificates are
currently supported for decryption. Chained certificates are not supported.
PAN-OS version 11.0.x is required when using Azure Key Vault
for outbound decryption.
- Click the Local Rulestacks icon from the homepage and select a previously created rulestack on which you wish to create a certificate.Click Certificates on the left pane and click Add. The Add Certificate List pane opens.Enter a descriptive Name for your certificate.( optional) Enter a description for your certificate.If the certificate is self-signed, check Self Signed Certificate.If the certificate isn't self-signed, then obtain Certificate URI by navigating to Azure key vaultCertificates and copy-paste the Secret Identifier URI in Certificate URI.( optional) In the Certificate source field, choose the respective option: Select from Key vault or Paste URI.Click Add.Create a managed identity in the same resource group as the key vault. See, Create a user-assigned managed identity.Navigate to Azure Key Vault> Access Policies.Click Create to configure an access policy that assigns Key Vault Certificates Officer and Key Vault Secrets User to the managed identity created in step 9.