Obtain the CA Certificate for the Panorama Controller

Obtain the Certificate Authority on the Panorama™ Controller to secure communication with the Panorama Nodes.
Create a trusted Certificate Authority (CA) responsible for issuing certificates to Panorama™ Nodes to secure connections to the internet. A trusted CA is required when setting up Panorama for large scale firewall deployments.
  1. Log in to the Panorama web interface of the Panorama Controller.
  2. Create the Certificate Authority certificate.
    • Generate a new CA certificate
    1. Select Panorama > Certificate Management > Certificates and Generate a new certificate.
    2. For the Certificate Type, select Local.
      SCEP is not supported.
    3. Enter a Certificate Name. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
    4. In the Common Name field, enter the serial number of the Panorama Controller.
    5. Leave the Signed By field blank to designate the certificate as self-signed.
    6. Select the Certificate Authority check box.
    7. Generate the CA certificate.
    • Import an existing CA certificate
    1. Select Panorama > Certificate Management > Certificates and Import the CA certificate.
    2. For the Certificate Type, select Local.
      SCEP is not supported.
    3. Enter a Certificate Name. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
    4. Browse to find the Certificate File.
    5. Select a File Format:
      • Base64 Encoded Certificate (PEM)—You must import the key separately from the certificate. Select the Import Private Key check box, and Browse for the Key File.
      • Encrypted Private Key and Certificate (PKCS12)—Common format in which the key and certificate are in a single container (Certificate File).
    6. Enter and re-enter (confirm) the Passphrase used to encrypt the certificate.
    7. Click OK. The Certificates page now displays the imported CA certificate.
  3. Click Commit and Commit to Panorama.
  4. Export the Panorama Controller CA certificate.
    1. Select Panorama > Certificate Management > Certificates, select the CA certificate, and Export Certificate.
    2. Select the File Format:
      • Base64 Encoded Certificate (PEM)—Allows you to export the certificate and private key separately. If you want the exported file to include the private key, select the Export Private Key check box.
      • Encrypted Private Key and Certificate (PKCS12)—Export the certificate and private key in a single file.
    3. Check (enable) Export Private Key.
    4. Enter a Passphrase and Confirm Passphrase to encrypt the CA certificate. This passphrase is required when importing the CA certificate to the Panorama Nodes.
    5. Click OK and save the encrypted certificate in .pem format to your local device.
    6. Enter a descriptive file name for the certificate so that you can easily identify the Panorama Node it needs to be imported to, and Save the certificate.
  5. Import the Panorama Controller CA certificate into each Panorama Node.
    1. Log in to the Panorama web interface of the Panorama Node.
    2. Select Panorama > Certificate Management > Certificates, and Import a certificate.
      1. For the Certificate Type, select Local.
        SCEP is currently not supported.
      2. Enter the same Certificate Name. The name is case-sensitive and can have up to 31 characters. It must be unique and use only letters, numbers, hyphens, and underscores.
      3. Browse for the CA certificate you exported in the previous step.
      4. Check the Import private key box.
      5. Enter the Passphrase and Confirm Passphrase used to encrypt the CA certificate.
      6. Click OK to import the certificate.
    3. Click Commit and Commit to Panorama.
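
A pre-flight check for the file exported in step 4, before it is imported in step 5, as an added example that is not Palo Alto Networks code: it applies the certificate-name rule stated above and confirms the PEM file holds exactly one certificate plus a passphrase-protected private key. The function names, the ASCII-only reading of "letters", and the sample PEM text are assumptions made for this example.

```python
import re

# Name rule as stated on this page: up to 31 characters; letters, numbers,
# hyphens and underscores only (ASCII letters assumed for this example).
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,31}")
# PEM block per RFC 7468: BEGIN/END lines carrying the same label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, body) for every PEM block found in the text."""
    return [(m.group(1), m.group(2)) for m in PEM_RE.finditer(text)]

def key_is_encrypted(label, body):
    """PKCS#8 encrypted keys have their own label; legacy OpenSSL keys
    mark encryption with a 'Proc-Type: 4,ENCRYPTED' header line."""
    return label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body

def preflight(cert_name, pem_text):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    if not NAME_RE.fullmatch(cert_name):
        problems.append("certificate name violates the 31-character/charset rule")
    blocks = pem_blocks(pem_text)
    certs = [b for b in blocks if b[0] == "CERTIFICATE"]
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    if len(certs) != 1:
        problems.append(f"expected 1 certificate, found {len(certs)}")
    if not keys:
        problems.append("no private key in file (Export Private Key not selected?)")
    for label, body in keys:
        if not key_is_encrypted(label, body):
            problems.append(f"'{label}' block is not passphrase-protected")
    return problems

# Constructed sample inputs: the bodies are placeholder text, not key material.
CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
GOOD = CERT + ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
               "-----END ENCRYPTED PRIVATE KEY-----\n")
BAD = CERT + "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(preflight("controller-ca_01", GOOD))  # nothing flagged
    print(preflight("controller ca!", BAD))     # bad name and unprotected key
```

The check reads only the PEM labels and headers, so it never needs the passphrase and can run on the workstation that holds the export.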