Generate the Panorama Node Certificate
Generate and import a certificate for the Panorama™ Node
as part of a certificate to secure communication between the Panorama
Controller and Panorama Node.
For the Panorama™ Controller to authenticate
each Panorama Node, create a unique certificate for each Panorama
Node. The Panorama Controller and Node use certificate-based authentication
to securely communicate with each other. Before you generate the
unique Panorama Node certificates, Obtain the CA Certificate for the Panorama Controller.
If
your Panorama Node is in a high availability (HA) configuration,
you must create and import the Panorama Node certificates of both
Panorama Nodes to each peer in the HA configuration.
- Log in to the Panorama web interface of the Panorama Controller.
- Select andGeneratea new certificate:
- For theCertificate Type, selectLocal.SCEP is currently not supported.
- Enter aCertificate Name, such aspanorama-node1_cert. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
- In theCommon Namefield, enter the serial number of the Panorama Node.The serial number must be entered in theCommon Namefield in order to authenticate the connection between the Panorama Controller and Panorama Node. The Panorama Node cannot connect to the Panorama Controller if the serial number is not entered in this field.
- In theSigned Byfield, select the CA certificate.
- Generatethe certificate.
- ClickCommitandCommit to Panorama.
- Export the certificates for each Panorama Node you generated.
- Select , select the certificate, andExport Certificate.
- Select theFile Format:
- Base64 Encoded Certificate (PEM)—Allows you to export the certificate and private key separately. If you want the exported file to include the private key, select theExport Private Keycheck box.
- Encrypted Private Key and Certificate (PKCS12)— Export the certificate and private in a single file.
- Check theExport private keybox.
- Enter aPassphraseandConfirm Passphraseto encrypt the private key. This passphrase is when importing the certificate key to the Panorama Nodes.
- ClickOKand save the certificate/key file to your computer.
- Enter a descriptive file name for the certificate so that you can easily identify the Panorama Node it needs to be imported to, andSavethe certificate.
- Import the certificate in to each Panorama Node.
- Log in to the Panorama web interface of the Panorama Node.
- Select , andImporta certificate:
- For theCertificate Type, selectLocal.SCEP is currently not supported.
- Enter the sameCertificate Name.The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
- Browsefor the certificate you exported in the previous step.
- Check theImport private keybox.
- Enter thePassphraseandConfirm Passphraseused to encrypt the private key.
- ClickOKto import the certificate.
- ClickCommitandCommit to Panorama.
