The Default Trusted Certificate Authorities store (DeviceCertificate ManagementCertificatesDefault Trusted Certificate Authorities) contains certificates issued by the most common and trusted certificate authorities (CAs). Palo Alto Networks Next-Generation Firewalls use these preinstalled certificates to secure connections to the internet. The store displays the name, subject, issuer, expiration date, and revocation status of each certificate.

You can enable, disable, or export CA certificates from the store. To add additional enterprise CA certificates to your firewall, obtain the certificates and import them to Device Certificates or Custom Certificates (DeviceCertificate ManagementCertificates, then Device Certificates (PAN-OS 11.2 and earlier) or Custom Certificates (PAN-OS 12.1.0 and later)).