Generate the Panorama Node Certificate

Generate and import a certificate for the Panorama™ Node to secure communication between the Panorama Controller and Panorama Node.
For the Panorama™ Controller to authenticate each Panorama Node, create a unique certificate for each Panorama Node. The Panorama Controller and Node use certificate-based authentication to securely communicate with each other. Before you generate the unique Panorama Node certificates, obtain the CA certificate for the Panorama Controller.
If your Panorama Node is in a high availability (HA) configuration, you must create and import the Panorama Node certificates of both Panorama Nodes to each peer in the HA configuration.
  1. Log in to the Panorama web interface of the Panorama Controller.
  2. Select Panorama > Certificate Management > Certificates and Generate a new certificate:
    1. For the Certificate Type, select Local.
      SCEP is currently not supported.
    2. Enter a Certificate Name, such as panorama-node1_cert. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
    3. In the Common Name field, enter the serial number of the Panorama Node.
      The serial number must be entered in the Common Name field in order to authenticate the connection between the Panorama Controller and Panorama Node. The Panorama Node cannot connect to the Panorama Controller if the serial number is not entered in this field.
    4. In the Signed By field, select the CA certificate.
    5. Generate the certificate.
  3. Click Commit and Commit to Panorama.
  4. Export the certificates for each Panorama Node you generated.
    1. Select Panorama > Certificate Management > Certificates, select the certificate, and Export Certificate.
    2. Select the File Format:
      • Base64 Encoded Certificate (PEM)—Allows you to export the certificate and private key separately. If you want the exported file to include the private key, select the Export Private Key check box.
      • Encrypted Private Key and Certificate (PKCS12)—Export the certificate and private key in a single file.
    3. Check the Export private key box.
    4. Enter a Passphrase and Confirm Passphrase to encrypt the private key. This passphrase is used when importing the certificate key to the Panorama Nodes.
    5. Click OK and save the certificate/key file to your computer.
    6. Enter a descriptive file name for the certificate so that you can easily identify the Panorama Node it needs to be imported to, and Save the certificate.
  5. Import the certificate into each Panorama Node.
    1. Log in to the Panorama web interface of the Panorama Node.
    2. Select Panorama > Certificate Management > Certificates, and Import a certificate:
      1. For the Certificate Type, select Local.
        SCEP is currently not supported.
      2. Enter the same Certificate Name. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
      3. Browse for the certificate you exported in the previous step.
      4. Check the Import private key box.
      5. Enter the Passphrase and Confirm Passphrase used to encrypt the private key.
      6. Click OK to import the certificate.
    3. Click Commit and Commit to Panorama.
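
A pre-import check for an exported PEM file, as an added example that is not part of the original documentation: it confirms the certificate name rule, that the Common Name equals the Panorama Node serial number, and that the certificate is signed by the Controller CA. The function names, file names, the serial number 000710001234 and the demo CA are assumptions constructed for illustration, and the script requires the openssl command-line tool.

```sh
#!/bin/sh
# Added example (not Palo Alto Networks code). The serial number, file names
# and demo CA are constructed; replace them with your own exported files.

# check_node_cert CERT_PEM CA_PEM SERIAL NAME
# Returns 0 when all checks pass, 1 bad name, 2 CN mismatch, 3 wrong CA.
check_node_cert() {
  local cert="$1" ca="$2" serial="$3" name="$4" cn
  # Name rule from step 2: 1-31 chars, letters, numbers, hyphens, underscores.
  case "$name" in
    ''|*[!A-Za-z0-9_-]*) echo "invalid certificate name: $name"; return 1 ;;
  esac
  [ "${#name}" -le 31 ] || { echo "certificate name too long"; return 1; }
  # The Common Name must be the Panorama Node serial number.
  cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= *//p')
  [ "$cn" = "$serial" ] || { echo "CN '$cn' is not serial '$serial'"; return 2; }
  # The certificate must chain to the Panorama Controller CA.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "certificate not signed by $ca"; return 3; }
  echo "ok: $name (CN=$cn)"
}

# make_demo_pki DIR SERIAL: constructed stand-in for the Controller CA and
# one exported node certificate, so the check can run offline.
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-controller-ca" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/node.key" -out "$1/node.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/node.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/node.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" 000710001234          # constructed serial number
check_node_cert "$demo_dir/node.pem" "$demo_dir/ca.pem" 000710001234 panorama-node1_cert
check_node_cert "$demo_dir/node.pem" "$demo_dir/ca.pem" 000710009999 panorama-node1_cert
rm -rf "$demo_dir"
```

Run the check against each exported file before importing it, using the serial number of the Panorama Node the file is intended for.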