How To use Certificate For Secure Web-GUI Access

How To use Certificate For Secure Web-GUI Access

Created On 09/25/18 17:27 PM - Last Modified 12/17/21 04:52 AM

  • Palo Alto Firewall
  • PAN-OS (any current version)
  • WebUI access using certificate.


For web-gui access to the Palo Alto Networks firewall, you can choose a certificate on the firewall for all web-based management sessions. 

  1. Create new or select existing SSL/TLS Profile to be used
    • Firewall: Device> SSL/TLS Service Profile
    • Panorama: Panorama> SSL/TLS Service Profile
  2. Click Add
    • Name: Enter name of the profile
    • Certificate: Select the certificate to use
    • Protocol Settings: Choose your preference
  3. Device (or Panorama)>Setup>Management
  4. Click the Gear icon on General tab
  5. Click the drop-down on SSL/TLS Service Profile and select your profile
  6. Click OK
  7. Commit    (NOTE: The web server process will restart and you will need to log back in)




  1. Navigate to GUI: Device > Setup > Management > General Settings > SSL/TLS Service Profile. From the dropdown select the above configured SSL/TLS service profile.







After committing the changes the webserver daemon responsible for the web-gui will be restarted and you will lose connectivity to the WEB GUI. You will need to login to the WEB GUI again. Then you will see the new certificate configured from the above steps being utilized as the certificate for web-management.



  • Print
  • Copy Link

Choose Language