the Certificate for Inbound Management Traffic
When you first boot up the firewall or Panorama,
it automatically generates a default certificate that enables HTTPS
access to the web interface and XML API over the management (MGT)
interface and (on the firewall only) over any other interface that supports
HTTPS management traffic (for details, see Use Interface Management Profiles to Restrict Access).
To improve the security of inbound management traffic, replace the
default certificate with a new certificate issued specifically for
You cannot view, modify, or delete
the default certificate.
you Generate a Certificate on
the firewall or Panorama, administrators will see a certificate
error because the root CA certificate is not in the trusted root
certificate store of client systems. To prevent this, deploy the
self-signed root CA certificate to all client systems.
Regardless of how you obtain the certificate,
we recommend a