Change a Client Certificate

Complete the following task to replace a client certificate.
  1. Obtain or generate the device certificate.
    You can deploy certificates on Panorama or a server Log Collector by generating a self-signed certificate on Panorama or obtaining a certificate from your enterprise CA or a trusted third-party CA.
    Set the common name to $UDID or subject to CN=$UDID (in the SCEP profile) if authorizing client devices based on serial number.
    • You can generate a self-signed certificate on Panorama or obtain a certificate from your enterprise CA or a trusted third-party CA.
    • If you are using SCEP for the device certificate, configure a SCEP profile. SCEP allows you to automatically deploy certificates to managed devices. When a new client devices with a SCEP profile attempts to authenticate with Panorama, the certificate is sent by the SCEP server to the device.
  2. Change the certificate in the certificate profile.
    1. Select
      Device
      Certificate Management
      Certificate Profile
      and select the certificate profile.
    2. Under CA Certificates,
      Add
      the new certificate to assign to the certificate profile.
    3. Click
      OK
      .
    4. Commit
      your changes.

Related Documentation