Device > Certificate Management > SSL/TLS Service Profile
Device > Certificate Management
> SSL/TLS Service Profile
Panorama > Certificate Management > SSL/TLS Service Profile
SSL/TLS service profiles specify a server certificate and a protocol
version or range of versions for firewall or Panorama services that
use SSL/TLS (such as administrative access to the web interface).
By defining the protocol versions, the profiles enable you to restrict
the cipher suites that are available for securing communication
with the client systems requesting the services.
In the client systems that request firewall
or Panorama services, the certificate trust list (CTL) must include
the certificate authority (CA) certificate that issued the certificate
specified in the SSL/TLS service profile. Otherwise, users will
see a certificate error when requesting the services. Most third-party
CA certificates are present by default in client browsers. If an
enterprise or firewall-generated CA certificate is the issuer, you
must deploy that CA certificate to the CTL in client browsers.
To add a profile, click
the fields in the following table.
SSL/TLS Service Profile Settings
Enter a name to identify the profile (up
to 31 characters). The name is case-sensitive. It must be unique and
use only letters, numbers, spaces, hyphens, and underscores.
If the firewall has more than one virtual
system (vsys), selecting this option makes the profile available
on all virtual systems. By default, this option is cleared and the
profile is available only for the vsys selected in the