Install the Panorama Device Certificate

Install the Panorama device certificate to leverage Palo Alto Networks cloud services.
In PAN-OS 9.1.3 and later releases, you must install the device certificate on the Panorama™ management server to successfully authenticate Panorama with the Palo Alto Networks Customer Support Portal (CSP) and leverage cloud services such as Zero Touch Provisioning (ZTP), Device Telemetry, IoT, and Enterprise Data Loss Prevention (DLP). Panorama must have internet access to successfully install the device certificate.
If you are leveraging the Cloud Services plugin, you must have Cloud Services plugin 1.5 or later release installed to successfully install the Panorama device certificate.
  1. Register Panorama with the Palo Alto Networks Customer Support Portal (CSP).
  2. Configure the Network Time Protocol (NTP) server.
    An NTP server is required validate the device certification expiration date, ensure the device certificate does not expire early or become invalid.
    1. Select
      Panorama
      Setup
      Services
      .
    2. Select
      NTP
      and enter the hostname
      pool.ntp.org
      as the
      Primary NTP Server
      or enter the IP address of your primary NTP server.
    3. (
      Optional
      ) Enter a
      Secondary NTP Server
      address.
    4. (
      Optional
      ) To authenticate time updates from the NTP server(s), for
      Authenticastion Type
      , select one of the following for each server.
      • None
        (default)—Disables NTP authentication.
      • Symmetric Key
        —Firewall uses symmetric key exchange (shared secrets) to authenticate time updates.
        • Key ID
          —Enter the Key ID (1-65534)
        • Algorithm
          —Select the algorithm to use in NTP authentication (
          MDS
          or
          SHA1
          )
    5. Click
      OK
      to save your configuration changes.
    6. Select
      Commit
      and
      Commit to Panorama
      .
  3. Generate the One Time Password (OTP).
    1. Select
      Assets
      Device Certificates
      and
      Generate OTP
      .
    2. For the
      Device Type
      , select
      Generate OTP for Panorama
      and
      Generate OTP
      .
    3. Select the
      Panorama Device
      serial number.
    4. Generate OTP
      and copy the OTP.
  4. Select
    Panorama
    Setup
    Management
    Device Certificate Settings
    and
    Get certificate
    .
    ztp-get-certificate.png
  5. Enter the
    One-time Password
    you generated and click
    OK
    .
  6. Panorama successfully retrieves and installs the certificate.
    ztp-get-certificate-successful.png

Recommended For You