Complete the following task to replace a root
or intermediate CA certificate.
Configure the server to accept predefined certificates
from clients.
Select
Panorama
Setup
Management
and
Edit
the
Panorama Settings.
Uncheck
Custom Certificate Only
.
Select
None
from the Certificate
Profile drop-down.
Click
OK
.
Commit
your changes.
Deploy the new root or intermediate CA certificate.
You can deploy certificates on Panorama
or a server Log Collector by generating a self-signed certificate
on Panorama or obtaining a certificate from your enterprise CA or
a trusted third-party CA.
Update the CA certificate in the server certificate profile.
Update the CA certificate in the client certificate profile.
Select
Device
Setup
Management
and
click the
Edit
icon in Panorama Settings for
a firewall or Select
Panorama
Managed Collectors
Add
Communication
for a Log Collector
and select the certificate profile to update.
Delete
the old CA certificate.
Add
the new CA Certificate.
Click
OK
.
After updating the CA certificates on all managed devices,
enforce custom-certificate authentication.
Select
Panorama
Setup
Management
and
Edit
the
Panorama Settings.
Select
Custom Certificate Only
.
Click
OK
.
Commit
your changes.
After committing this change, all devices managed by Panorama must
use custom certificates. If not, authentication between Panorama
and the device fails.