Obtain the CA Certificate for the Panorama Controller

Obtain the Certificate Authority on the Panorama™ Controller to secure communication with the Panorama Nodes.
Create a trusted Certificate Authority (CA) responsible for issuing certificates to Panorama™ Nodes to secure connections to the internet. A trusted CA is required when setting up Panorama for large-scale firewall deployments.
  1. Log in to the Panorama web interface of the Panorama Controller.
  2. Create the Certificate Authority certificate.
    • Generate a new CA certificate
    1. Select Panorama > Certificate Management > Certificates and Generate a new certificate.
    2. For the Certificate Type, select Local.
      SCEP is not supported.
    3. Enter a Certificate Name. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
    4. In the Common Name field, enter the serial number of the Panorama Controller.
    5. Leave the Signed By field blank to designate the certificate as self-signed.
    6. Select the Certificate Authority check box.
    7. Generate the CA certificate.
    • Import an existing CA certificate
    1. Select Panorama > Certificate Management > Certificates and Import the CA certificate.
    2. For the Certificate Type, select Local.
      SCEP is not supported.
    3. Enter a Certificate Name. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
    4. Browse to find the Certificate File.
    5. Select a File Format:
      • Base64 Encoded Certificate (PEM): You must import the key separately from the certificate. Select the Import Private Key check box, and Browse for the Key File.
      • Encrypted Private Key and Certificate (PKCS12): Common format in which the key and certificate are in a single container (Certificate File).
    6. Enter and re-enter (confirm) the Passphrase used to encrypt the certificate.
    7. Click OK. The Certificates page now displays the imported CA certificate.
  3. Click Commit and Commit to Panorama.
  4. Export the Panorama Controller CA certificate.
    1. Select Panorama > Certificate Management > Certificates, select the CA certificate, and Export Certificate.
    2. Select the File Format:
      • Base64 Encoded Certificate (PEM): Allows you to export the certificate and private key separately. If you want the exported file to include the private key, select the Export Private Key check box.
      • Encrypted Private Key and Certificate (PKCS12): Export the certificate and private key in a single file.
    3. Check (enable) Export Private Key.
    4. Enter a Passphrase and Confirm Passphrase to encrypt the CA certificate. This passphrase is required when importing the CA certificate to the Panorama Nodes.
    5. Click OK and save the encrypted certificate in .pem format to your local device.
    6. Enter a descriptive file name for the certificate so that you can easily identify the Panorama Node it needs to be imported to, and Save the certificate.
  5. Import the Panorama Controller CA certificate into each Panorama Node.
    1. Select Panorama > Certificate Management > Certificates, and Import a certificate.
      1. For the Certificate Type, select Local.
        SCEP is currently not supported.
      2. Enter the same Certificate Name. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
      3. Browse for the CA certificate you exported in the previous step.
      4. Check the Import private key box.
      5. Enter the Passphrase and Confirm Passphrase used to encrypt the CA certificate.
      6. Click OK to import the certificate.
    2. Click Commit and Commit to Panorama.
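
A pre-import check for the file exported in step 4, as an added example that is not part of the original documentation: it tests the certificate name against the naming rule above and confirms that the PEM export holds a certificate and a passphrase-encrypted private key. It assumes the export is a standard PEM file; the function names, the certificate name panorama-ctrl_CA and the sample data are constructed for illustration.

```python
import re

# Naming rule from the procedure: up to 31 characters, only letters, numbers,
# hyphens and underscores. Case-sensitive, so the name is never normalised.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,31}")
PEM_BLOCK_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def valid_certificate_name(name):
    return NAME_RE.fullmatch(name) is not None

def classify_pem(text):
    """Return (certificate count, list of private-key states) for a PEM file."""
    certs, keys = 0, []
    for label, body in PEM_BLOCK_RE.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label == "ENCRYPTED PRIVATE KEY":  # PKCS#8, passphrase-protected
            keys.append("encrypted")
        elif label.endswith("PRIVATE KEY"):
            # Traditional OpenSSL keys flag encryption in an RFC 1421 header.
            enc = "Proc-Type: 4,ENCRYPTED" in body
            keys.append("encrypted" if enc else "cleartext")
    return certs, keys

def check_export(name, pem_text):
    """List the problems found in an exported CA file before it is imported."""
    problems = []
    if not valid_certificate_name(name):
        problems.append("certificate name violates the naming rule")
    certs, keys = classify_pem(pem_text)
    if certs == 0:
        problems.append("no CERTIFICATE block")
    if not keys:
        problems.append("no private key block")
    if "cleartext" in keys:
        problems.append("private key is not passphrase-encrypted")
    return problems

# Constructed sample data: the base64 bodies are placeholders, not real keys.
def pem_block(label, body="Q09OU1RSVUNURUQ="):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE_OK = pem_block("CERTIFICATE") + pem_block("ENCRYPTED PRIVATE KEY")
SAMPLE_CLEAR = pem_block("CERTIFICATE") + pem_block("PRIVATE KEY")

if __name__ == "__main__":
    print(check_export("panorama-ctrl_CA", SAMPLE_OK))
    print(check_export("panorama ctrl CA", SAMPLE_CLEAR))
```

An empty list means the file matches what step 5 expects; the check does not decrypt the key or confirm that the certificate is a CA certificate.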
