Focus

Certificate Management Features

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1 & Later
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0 (EoL)
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Management Features

Panorama Features

Certificate Management Features

Learn about new Certificate Management features in PAN-OS® 10.0.

New Certificate Management Feature	Description
Master Key Encryption Enhancement	On physical and virtual Palo Alto Networks appliances, you can now configure the Master Key to use the AES-256-GCM encryption algorithm to encrypt data. The AES-256-GCM encryption algorithm increases encryption strength to protect keys better and also includes a built-in integrity check. When you change the encryption level to AES-256-GCM, devices use it instead of the AES-256-CBC encryption algorithm when encrypting keys and other sensitive data.
HSM Enhancements	Newer client driver versions are now supported for SafeNet and nCipher Hardware Security Module (HSM) appliances: SafeNet: You can select from versions 5.4.2 or 7.2. Additionally, you can choose to have your firewall authenticate and establish trust using manually generated certificates. nCipher nShield Connect: Version 12.40.2 is available (backward compatible up to v11.50 for older appliances)

New Certificate Management Feature

Description

Master Key Encryption Enhancement

On physical and virtual Palo Alto Networks appliances, you can now configure the Master Key to use the AES-256-GCM encryption algorithm to encrypt data. The AES-256-GCM encryption algorithm increases encryption strength to protect keys better and also includes a built-in integrity check. When you change the encryption level to AES-256-GCM, devices use it instead of the AES-256-CBC encryption algorithm when encrypting keys and other sensitive data.

HSM Enhancements

Newer client driver versions are now supported for SafeNet and nCipher Hardware Security Module (HSM) appliances:

SafeNet: You can select from versions 5.4.2 or 7.2.
Additionally, you can choose to have your firewall authenticate and establish trust using manually generated certificates.
nCipher nShield Connect: Version 12.40.2 is available (backward compatible up to v11.50 for older appliances)

Management Features

Panorama Features

Next-Generation Firewall Docs

Certificate Management Features

Next-Generation Firewall Docs

Certificate Management Features

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner