Configure Revocation Status Verification of Certificates Used for Device or User Authentication

This procedure describes how to configure an NGFW or Panorama to verify the revocation status of certificates that it uses for device or user authentication.
Obtain the CA certificates to assign to the certificate profile. You can either generate a certificate or import one.
The firewall and Panorama use certificates to authenticate users and devices for such applications as Authentication Portal, GlobalProtect™, site-to-site IPSec VPN, and web interface access to a next-generation firewall or Panorama. You can configure verification of the revocation status of certificates used for device or user authentication to these applications.
For details on the certificates that various applications use, see Keys and Certificates.
  1. Configure a certificate profile for each application.
    Assign one or more root CA certificates to the profile, configure certificate revocation checking, and select the conditions under which the firewall blocks sessions. For example, you can block sessions if the certificate status is unknown or if the certificate status can’t be retrieved within specified timeout limits.
  2. Assign the certificate profiles to the relevant applications.
    The steps to assign a certificate profile depend on the application that requires it.
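
The two steps above can be checked with a small audit. The following is an added example, not code from this documentation or from the firewall: it models a certificate profile with hypothetical field names (`check_revocation`, `block_unknown`, `block_timeout`) and reports every application whose profile would still allow a session when the certificate is revoked, its status is unknown, or the status can't be retrieved in time. It assumes a session is allowed whenever the matching block setting is off.

```python
from dataclasses import dataclass, field

# Hypothetical model of the settings described in step 1. The field names are
# assumptions made for this example, not firewall configuration keys.
@dataclass
class CertProfile:
    name: str
    ca_certs: list = field(default_factory=list)
    check_revocation: bool = False  # revocation checking configured
    block_unknown: bool = False     # block if certificate status is unknown
    block_timeout: bool = False     # block if status is not retrieved in time

def session_decision(profile, status):
    """status is 'good', 'revoked', 'unknown' or 'timeout'."""
    if not profile.check_revocation:
        return "allow"              # status is never consulted
    blocked = {"revoked": True, "unknown": profile.block_unknown,
               "timeout": profile.block_timeout}
    return "block" if blocked.get(status, False) else "allow"

def audit(profiles, assignments):
    """Return (application, problem) pairs for steps 1 and 2."""
    by_name = {p.name: p for p in profiles}
    findings = []
    for app, profile_name in assignments.items():
        profile = by_name.get(profile_name)
        if profile is None:
            findings.append((app, "no certificate profile assigned"))
            continue
        if not profile.ca_certs:
            findings.append((app, "profile has no CA certificate"))
        for status in ("revoked", "unknown", "timeout"):
            if session_decision(profile, status) == "allow":
                findings.append((app, f"session allowed when status is {status}"))
    return findings

# Constructed sample data: profile and CA names are placeholders.
PROFILES = [
    CertProfile("gp-strict", ["example-root-ca"], True, True, True),
    CertProfile("vpn-lenient", ["example-root-ca"], True, False, False),
    CertProfile("portal-nocheck", ["example-root-ca"]),
]
ASSIGNMENTS = {
    "GlobalProtect": "gp-strict", "site-to-site IPSec VPN": "vpn-lenient",
    "Authentication Portal": "portal-nocheck", "web interface": None,
}

if __name__ == "__main__":
    for app, problem in audit(PROFILES, ASSIGNMENTS):
        print(f"{app}: {problem}")
```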