Obtain the CA Certificate for the Panorama Controller

Obtain the Certificate Authority on the Panorama™ Controller to secure communication with the Panorama Nodes.
Create a trusted Certificate Authority (CA) responsible for issuing certificates to Panorama™ Nodes to secure connections to the internet. A trusted CA is required when setting up Panorama for large-scale firewall deployments.
  1. Log in to the Panorama Web Interface of the Panorama Controller.
  2. Create the Certificate Authority certificate.
    • Generate a new CA certificate
    1. Select Panorama > Certificate Management > Certificates and Generate a new certificate.
    2. For the Certificate Type, select Local.
    3. Enter a Certificate Name, such as panorama-ca. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
    4. In the Common Name field, enter the IP address or FQDN of the Panorama Controller.
    5. Leave the Signed By field blank to designate the certificate as self-signed.
    6. Select the Certificate Authority check box.
    7. Generate the CA certificate.
    • Import an existing CA certificate
    1. Select Panorama > Certificate Management > Certificates and Import the CA certificate.
    2. Enter a Certificate Name, such as panorama-CA. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
    3. Browse to find the Certificate File.
    4. Select a File Format:
      • Base64 Encoded Certificate (PEM): You must import the key separately from the certificate. Select the Import Private Key check box, and Browse for the Key File.
      • Encrypted Private Key and Certificate (PKCS12): Common format in which the key and certificate are in a single container (Certificate File).
    5. Enter and re-enter (confirm) the Passphrase used to encrypt the key.
    6. Click OK. The Certificates page now displays the imported CA certificate.
  3. Click Commit and Commit to Panorama.
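
Before importing an existing CA certificate in PEM format, it helps to confirm on a workstation that the chosen name meets the naming rule, that the certificate is actually marked as a CA, and that the separate key file belongs to it. The following is an added example, not part of the original procedure or of any Palo Alto Networks tooling: the function names are hypothetical helpers, it assumes the openssl command-line tool is installed, and the sample certificate it can generate is constructed test data.

```shell
#!/bin/sh
# Added example: pre-import checks for a CA certificate and its separate PEM key.
# All function names are hypothetical helpers, not Panorama or PAN-OS commands.

# Naming rule from the procedure: 1-31 characters; letters, numbers, hyphens, underscores.
valid_cert_name() {
  [ -n "$1" ] && [ "${#1}" -le 31 ] || return 1
  case $1 in *[!A-Za-z0-9_-]*) return 1 ;; esac
}

# A certificate that issues other certificates must carry basicConstraints CA:TRUE.
is_ca_cert() {
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# PEM import takes the key as a separate file: confirm the key belongs to the
# certificate by comparing the public key extracted from each.
# (An encrypted key makes openssl ask for its passphrase.)
key_matches_cert() {
  kc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  kc_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$kc_cert" ] && [ "$kc_cert" = "$kc_key" ]
}

# Usage: preflight NAME CERT.pem KEY.pem
# Prints one line per failed check and returns non-zero if any check failed.
preflight() {
  pf_rc=0
  valid_cert_name "$1" || { echo "name '$1' breaks the naming rule"; pf_rc=1; }
  is_ca_cert "$2" || { echo "$2 is not marked CA:TRUE"; pf_rc=1; }
  key_matches_cert "$2" "$3" || { echo "$3 is not the key for $2"; pf_rc=1; }
  return "$pf_rc"
}

# Constructed sample input: writes a throwaway self-signed certificate and key
# to DIR/NAME.pem and DIR/NAME.key. Usage: make_sample_cert DIR NAME TRUE|FALSE
make_sample_cert() {
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' 'x509_extensions=ext' \
    '[dn]' 'CN=panorama.example.test' '[ext]' "basicConstraints=critical,CA:$3" \
    > "$1/$2.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}
```

Run preflight with the name you plan to enter and the two files you plan to browse for; no output and a zero exit status mean all three checks passed.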
