Generate the Panorama Node Certificate

Generate and import a certificate for the Panorama™ Node as part of a certificate to secure communication between the Panorama Controller and Panorama Node.
For the Panorama™ Controller to authenticate each Panorama Node, create a unique certificate for each Panorama Node. The Panorama Controller and Node use certificate-based authentication to securely communicate with each other. Before you generate the unique Panorama Node certificates, Obtain the CA Certificate for the Panorama Controller.
  1. Log in to the Panorama Web Interface of the Panorama Controller.
  2. Select
    Panorama
    Certificate Management
    Certificates
    and
    Generate
    a new certificate:
    1. For the
      Certificate Type
      , select
      Local
      .
      SCEP is currently not supported.
    2. Enter a
      Certificate Name
      , such as
      panorama-node1_cert
      . The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
    3. In the
      Common Name
      field, enter the serial number of the Panorama Node.
      The serial number must be entered in the
      Common Name
      field in order to authenticate the connection between the Panorama Controller and Panorama Node. The Panorama Node cannot connect to the Panorama Controller if the serial number is not entered in this field.
    4. In the
      Signed By
      field, select the CA certificate.
    5. Generate
      the certificate.
      panorama-interconnect-new-client-cert.png
  3. Click
    Commit
    and
    Commit to Panorama
    .
  4. Export the certificates for each Panorama Node generated in Step 2.
    1. Select
      Panorama
      Certificate Management
      Certificates
      , select the certificate, and
      Export Certificate
      .
    2. Select the
      File Format
      :
      • Base64 Encoded Certificate (PEM)
        —Allows you to export the certificate and private key seperately. If you want the exported file to include the private key, select the
        Export Private Key
        check box.
      • Encrypted Private Key and Certificate (PKCS12)
        — Export the certificate and private in a single file.
    3. Check the
      Export private key
      box.
    4. Enter a
      Passphrase
      and
      Confirm Passphrase
      to encrypt the private key. This passphrase is when importing the certificate key to the Panorama Nodes.
    5. Click
      OK
      and save the certificate/key file to your computer.
      panorama-interconnect-export-client-cert.png
    6. Enter a descriptive file name for the certificate so that you can easily identify the Panorama Node it needs to be imported to, and
      Save
      the certificate.
  5. Import the certificate in to each Panorama Node.
    1. Select
      Panorama
      Certificate Management
      Certificates
      , and
      Import
      a certificate:
      1. For the
        Certificate Type
        , select
        Local
        .
        SCEP is currently not supported.
      2. Enter the same
        Certificate Name
        .The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
      3. Browse
        for the certificate you exported in Step 4.
      4. Check the
        Import private key
        box.
      5. Enter the
        Passphrase
        and
        Confirm Passphrase
        used to encrypt the private key.
      6. Click
        OK
        to import the certificate.
      panorama-interconnect-import-client-cert.png
    2. Click
      Commit
      and
      Commit to Panorama
      .

Related Documentation