If the Duo Access Gateway provides a self-signed certificate
as the signing certificate for the IdP, you cannot
Validate
Identity Provider Certificate
. In this case, ensure
that you are using PAN-OS 9.1.3 or a later 9.1 version to mitigate
exposure to
CVE-2020-2021.