Default Trusted Certificate Authorities (CAs)
Focus
Focus

Default Trusted Certificate Authorities (CAs)

Table of Contents
End-of-Life (EoL)

Default Trusted Certificate Authorities (CAs)

Review and manage certificates from the certificate authorities (CAs) that Palo Alto Networks Next-Generation Firewalls trust by default.
The Default Trusted Certificate Authorities store (DeviceCertificate ManagementCertificatesDefault Trusted Certificate Authorities) contains certificates from the most common and trusted certificate authorities (CAs). Palo Alto Networks Next-Generation Firewalls use these preinstalled certificates to secure connections to the internet. The trusted CA store displays the name, subject, issuer, expiration date, and validity status of each certificate in the list.
The Default Trusted Certificate Authorities store is updated with major PAN-OS releases.
You can enable, disable, or export CA certificates from the store. To add additional enterprise CA certificates to your firewall, obtain the certificates and import them to Device Certificates (DeviceCertificate ManagementCertificatesDevice Certificates).