: Generate the Panorama Node Certificate
Focus
Focus

Generate the Panorama Node Certificate

Table of Contents

Generate the Panorama Node Certificate

Generate and import a certificate for the Panorama™ Node as part of a certificate to secure communication between the Panorama Controller and Panorama Node.
For the Panorama™ Controller to authenticate each Panorama Node, create a unique certificate for each Panorama Node. The Panorama Controller and Node use certificate-based authentication to securely communicate with each other. Before you generate the unique Panorama Node certificates, Obtain the CA Certificate for the Panorama Controller.
If your Panorama Node is in a high availability (HA) configuration, you must create and import the Panorama Node certificates of both Panorama Nodes to each peer in the HA configuration.
  1. Log in to the Panorama web interface of the Panorama Controller.
  2. Select
    Panorama
    Certificate Management
    Certificates
    and
    Generate
    a new certificate.
    Repeat this step for all Panorama Nodes.
    1. For the
      Certificate Type
      , select
      Local
      .
      SCEP is not supported.
    2. Enter a
      Certificate Name
      . The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
    3. In the
      Common Name
      field, enter the serial number of the Panorama Node.
      The serial number must be entered in the
      Common Name
      field in order to authenticate the connection between the Panorama Controller and Panorama Node. The Panorama Node cannot connect to the Panorama Controller if the serial number is not entered in this field.
    4. In the
      Signed By
      field, select the CA certificate.
    5. Generate
      the certificate.
    6. Click
      Commit
      and
      Commit to Panorama
      .
  3. Export the for the Panorama Node certificate.
    Repeat this step for all Panorama Nodes.
    1. Select
      Panorama
      Certificate Management
      Certificates
      , select the certificate, and
      Export Certificate
      .
    2. Select the
      File Format
      :
      • Base64 Encoded Certificate (PEM)
        —Allows you to export the certificate and private key separately. If you want the exported file to include the private key, select the
        Export Private Key
        check box.
      • Encrypted Private Key and Certificate (PKCS12)
        — Export the certificate and private in a single file.
    3. Check (enable)
      Export Private Key
      .
    4. Enter a
      Passphrase
      and
      Confirm Passphrase
      to encrypt the CA certificate. This passphrase is required when importing the CA certificate to the Panorama Node.
    5. Click
      OK
      and save the encrypted certificate in
      .pem
      to your local device.
    6. Enter a descriptive file name for the certificate so that you can easily identify the Panorama Node it needs to be imported to, and
      Save
      the certificate.
  4. Import the certificate in to each Panorama Node.
    (
    HA Configuration only
    ) If the Panorama Node is in a high availability (HA) configuration, you must import the peer Panorama Node certificate into each Panorama Node in the HA configuration.
    1. Select
      Panorama
      Certificate Management
      Certificates
      , and
      Import
      a certificate.
      1. For the
        Certificate Type
        , select
        Local
        .
        SCEP is not supported.
      2. Enter the same
        Certificate Name
        .The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
      3. Browse
        for the certificate you exported in the previous step.
      4. Check (enable)
        Import Private key
        .
      5. Enter the
        Passphrase
        and
        Confirm Passphrase
        used to encrypt the certificate.
      6. Click
        OK
        to import the certificate.
    2. Click
      Commit
      and
      Commit to Panorama
      .

Recommended For You