Review and manage certificates from the certificate authorities (CAs) trusted by Palo
Alto Networks Next-Generation Firewalls.
The Default Trusted Certificate Authorities store (DeviceCertificate ManagementCertificatesDefault Trusted Certificate Authorities) contains certificates from the most common and trusted certificate
authorities (CAs). Palo Alto Networks Next-Generation Firewalls use these preinstalled
certificates to secure connections to the internet. The trusted CA store displays the
name, subject, issuer, expiration date, and validity status of each certificate in the
list.
The Default Trusted Certificate Authorities store is updated
with major PAN-OS releases.
You can enable, disable, or export CA certificates from the store. To add additional
enterprise CA certificates to your firewall, obtain the certificates and import them to
Device Certificates (DeviceCertificate ManagementCertificates, then Device Certificates).