Review and manage certificates from the certificate authorities (CAs) trusted by Palo
Alto Networks Next-Generation Firewalls.
The Default Trusted Certificate Authorities store (DeviceCertificate ManagementCertificatesDefault Trusted Certificate Authorities) contains certificates issued by the most common and trusted certificate
authorities (CAs). Palo Alto Networks Next-Generation Firewalls use these preinstalled
certificates to secure connections to the internet. The store displays the name,
subject, issuer, expiration date, and revocation status of each certificate.
The Default Trusted Certificate Authorities store is updated
with major PAN-OS releases.
You can enable, disable, or export CA certificates from the store. To add additional
enterprise CA certificates to your firewall, obtain the certificates and import them to
Device Certificates or Custom Certificates (DeviceCertificate ManagementCertificates, then Device Certificates (PAN-OS 11.2 and earlier) or Custom Certificates
(PAN-OS 12.1.0 and later)).