Configure Revocation Status Verification of Certificates

The firewall and Panorama use certificates to authenticate users and devices for such applications as Captive Portal, GlobalProtect, site-to-site IPSec VPN, and web interface access to the firewall/Panorama. To improve security, it is a best practice to configure the firewall or Panorama to verify the revocation status of certificates that it uses for device/user authentication.
  1. Configure a Certificate Profile for each application.
    Assign one or more root CA certificates to the profile and select how the firewall verifies certificate revocation status.
    For details on the certificates that various applications use, see Keys and Certificates
  2. Assign the certificate profiles to the relevant applications.
    The steps to assign a certificate profile depend on the application that requires it.

Related Documentation