Certificate Management Features

Learn about new Certificate Management features in PAN-OS® 10.0.
New Certificate Management Feature
Master Key Encryption Enhancement
On physical and virtual Palo Alto Networks appliances, you can now configure the Master Key to use the AES-256-GCM encryption algorithm to encrypt data. The AES-256-GCM encryption algorithm increases encryption strength to protect keys better and also includes a built-in integrity check. When you change the encryption level to AES-256-GCM, devices use it instead of the AES-256-CBC encryption algorithm when encrypting keys and other sensitive data.
HSM Enhancements
Newer client driver versions are now supported for SafeNet and nCipher Hardware Security Module (HSM) appliances:
  • SafeNet:
    You can select from versions 5.4.2 or 7.2.
    Additionally, you can choose to have your firewall authenticate and establish trust using manually generated certificates.
  • nCipher nShield Connect:
    Version 12.40.2 is available (backward compatible up to v11.50 for older appliances)

Recommended For You