Prisma SD-WAN
Certificate Management
Table of Contents
Certificate Management
Prisma SD-WAN allows to manage certificates.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Certificate Management in Prisma SD-WAN allows you to manage digital
certificates used to establish trust and secure communication within your network.
Certificates are crucial for authenticating components, securing data in transit, and
enabling advanced features like application acceleration.
Certificates are digital identity documents that verify the authenticity of users,
devices, and services. They use cryptography to ensure secure communication and verify
identities. In Prisma SD-WAN, certificates are vital for:
- Securing Communication: Ensuring secure connections between ION devices, controllers, and other network endpoints.
- Enabling Application Acceleration: Certificates are required for services that decrypt and inspect traffic (for example, SSL/TLS) to optimize application performance.
- Custom Certificates: These are certificates that you, as the administrator, import or generate within the Prisma SD-WAN web interface. They typically come from third-party Certificate Authorities (CAs) or are self-signed for specific use cases.
Key Certificate Management Actions
On the Certificate Management page, you can perform the
following actions for Custom Certificates:
- Import Certificates: Upload new CA or server certificates.
- View Certificate Details: Examine a certificate's properties.
- Delete Certificates: Remove unnecessary certificates.
Working with Certificates
| Field | Description |
|---|---|
| Name | A user-defined or system-generated name for the certificate. |
| Subject | Identifies the entity (for example, server, device, organization) the certificate belongs to. Includes the Common Name (CN), organization, and other identifying details. |
| Used In | Indicates where the certificate is currently used in the Prisma SD-WAN configuration. |
| CA | For server certificates, this identifies the Certificate Authority (CA) that issued the certificate. For CA certificates, this field may be self-referential or indicate the issuer of the root CA. |
| Key | Specifies the type and size of the cryptographic key used with the certificate (for example, RSA 2048, ECDSA 256). |
| Status | Shows the certificate's current state, such as Valid, Expired, or Revoked. |
| Algorithm | The cryptographic algorithm used for the certificate's signature (for example, SHA256 with RSA). |
| Actions | Provides options to perform actions like Export, Renew, or Delete the certificate. (These actions are available for custom certificates and appear when you hover over or select a certificate.) |
Important Considerations
- Certificate Expiry: Regularly monitor certificate expiry dates. Expired certificates can disrupt services and create security vulnerabilities.
- Key Management: Ensure private keys are securely stored and managed.
- Trust Chains: When importing CA certificates, ensure you import the entire trust chain (root and any intermediate CAs) for proper validation.
- App Acceleration Integration: Certificates managed here are essential for configuring App Acceleration feature that require SSL/TLS decryption and inspection. For detailed steps on configuring App Acceleration and applying these certificates, refer to the Configure App Acceleration documentation.