Configure Certificate-Based Administrator Authentication
to the Web Interface
As a more secure alternative to password-based
authentication to the web interface of a Palo Alto Networks firewall,
you can configure certificate-based authentication for administrator
accounts that are local to the firewall. Certificate-based authentication
involves the exchange and verification of a digital signature instead
of a password.
authentication for any administrator disables the username/password
logins for all administrators on the firewall; administrators thereafter
require the certificate to log in.
Generate a certificate authority (CA) certificate
on the firewall.
You will use this CA certificate to sign the client certificate
of each administrator.