Change a Root or Intermediate CA Certificate
Complete the following task to replace a root
or intermediate CA certificate.
- Configure the server to accept predefined certificates
from clients.
- Select PanoramaSetupManagement and Edit the Panorama Settings.
- Uncheck Custom Certificate Only.
- Select None from the Certificate Profile drop-down.
- Click OK.
- Commit your changes.
- Deploy the new root or intermediate CA certificate.You can deploy certificates on Panorama or a server Log Collector by generating a self-signed certificate on Panorama or obtaining a certificate from your enterprise CA or a trusted third-party CA.
- Update the CA certificate in the server certificate profile.
- Select PanoramaCertificate ManagementCertificate Profile and select the certificate profile to update.
- Delete the old CA certificate.
- Add the new CA Certificate.
- Click OK.
- Generate or import the new client certificate.
- Select DeviceCertificate ManagementCertificates.
- Create a self-signed root CA certificate or import a certificate from your enterprise CA.
- Update the CA certificate in the client certificate profile.
- Select DeviceSetupManagement and click the Edit icon in Panorama Settings for a firewall or Select PanoramaManaged CollectorsAddCommunication for a Log Collector and select the certificate profile to update.
- Delete the old CA certificate.
- Add the new CA Certificate.
- Click OK.
- After updating the CA certificates on all managed devices,
enforce custom-certificate authentication.
- Select PanoramaSetupManagement and Edit the Panorama Settings.
- Select Custom Certificate Only.
- Click OK.
- Commit your changes.After committing this change, all devices managed by Panorama must use custom certificates. If not, authentication between Panorama and the device fails.
Related Documentation
Set Up Authentication Using Custom Certificates Between HA Peers
Set Up Authentication Using Custom Certificates Between HA Peers You can Set Up Authentication Using Custom Certificates for securing the HA connection between Panorama HA ...
Change a Client Certificate
Change a Client Certificate Complete the following task to replace a client certificate. Obtain or generate the device certificate. You can deploy certificates on Panorama ...
Configure Authentication Using Custom Certificates on Panorama
Configure Authentication Using Custom Certificates on Panorama Complete the following procedure to configure the server side (Panorama) to use custom certificates instead of predefined certificates ...
Change a Server Certificate
Change a Server Certificate Complete the following task to replace a server certificate. Deploy the new server certificate. You can deploy certificates on Panorama or ...
Configure Authentication Using Custom Certificates on Managed Devices
Configure Authentication Using Custom Certificates on Managed Devices Complete the following procedure to configure the client side (firewall or Log Collector) to use custom certificates ...
Configure a Panorama Administrator with Certificate-Based Authentication for the Web Interface
Configure a Panorama Administrator with Certificate-Based Authentication for the Web Interface As a more secure alternative to password-based authentication to the Panorama web interface, you ...
Replace the Certificate for Inbound Management Traffic
Replace the Certificate for Inbound Management Traffic When you first boot up the firewall or Panorama, it automatically generates a default certificate that enables HTTPS ...
Configure Certificate-Based Administrator Authentication to...
Configure Certificate-Based Administrator Authentication to the Web Interface As a more secure alternative to password-based authentication to the firewall web interface, you can configure certificate-based ...