>
    Strata Copilot
    Remove Cloud Identity Agent Certificates
    Focus
    Download PDF
    Focus
    1. Home
    2. Identity
    3. Manage the Cloud Identity Engine App
    4. Manage the Cloud Identity Agent
    5. Manage Cloud Identity Engine Certificates
    6. Remove Cloud Identity Agent Certificates
    Download PDF
    Identity

    Remove Cloud Identity Agent Certificates

    Table of Contents

    Remove Cloud Identity Agent Certificates

    If the Cloud Identity agent’s certificate is compromised, remove the compromised certificate and generate a new certificate.
    Where Can I Use This?What Do I Need?
    • NGFW
    • Prisma Access
    		The Cloud Identity Engine service is free; however, the enforcement points utilizing directory data may require specific licenses. Click here for more information.
    If a Cloud Identity agent’s certificate is compromised, remove the certificate.
    1. Log in to the hub and select Cloud Identity Engine.
    2. Select the tenant associated with the agent with the compromised certificate.
    3. From the Cloud Identity Engine app, select Agents & Certificates.
    4. Remove the certificate.
    5. Delete Obsolete Cloud Identity Agent Certificates to remove the previous certificate.
    6. Generate a new certificate to Authenticate the Agent and the Cloud Identity Engine and install it on the agent host.

    © 2026 Palo Alto Networks, Inc. All rights reserved.