Obtain the CA Certificate for the Panorama Controller
Table of Contents
Obtain the CA Certificate for the Panorama Controller
Obtain the Certificate Authority on the Panorama™ Controller
to secure communication with the Panorama Nodes.
Create a trusted Certificate Authority (CA)
responsible for issuing certificates to Panorama™ Nodes to secure
connections to the internet. A trusted CA is required when setting
up Panorama for large scale firewall deployments.
- Log in to the Panorama web interface of the Panorama Controller.Create the Certificate Authority certificate.
- Generate a new CA certificate
- Select and Generate a new certificate.
- For the Certificate Type, select Local.
- Enter a Certificate Name, such as panorama-ca. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
- In the Common Name field, enter the serial number of the Panorama Controller.
- Leave the Signed By field blank to designate the certificate as self-signed.
- Select the Certificate Authority check box.
- Generate the CA certificate.
![]()
- Import an existing CA certificate
- Select and Import the CA certificate.
- Enter a Certificate Name, such as panorama-CA. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
- Browse to find the Certificate File.
- Select a File Format:
- Base64 Encoded Certificate (PEM)—You must import the key separately from the certificate. Select the Import Private Key check box, and Browse for the Key File.
- Encrypted Private Key and Certificate (PKCS12)— Common format in which the key and certificate are in a single container (Certificate File).
- Enter and re-enter (confirm) the Passphrase used to encrypt the key.
- Click OK. The Certificates page now displays the imported CA certificate.
![]()
Click Commit and Commit to Panorama.
