How To use Certificate For Secure Web-GUI Access - Knowledge Base - Palo Alto Networks

How To use Certificate For Secure Web-GUI Access

Created On 09/25/18 17:27 PM - Last Modified 10/20/24 15:08 PM


Environment


  • Palo Alto Networks Firewall.
  • PAN-OS (any current version).
  • WebUI access using certificate.


Resolution


For web GUI access to the Palo Alto Networks firewall, you can choose a certificate on the firewall to be used for all web-based management sessions.

  1. Create a new SSL/TLS Service Profile or select an existing one to use
    • Firewall: Device > SSL/TLS Service Profile
    • Panorama: Panorama > SSL/TLS Service Profile
  2. Click Add
    • Name: Enter the name of the profile
    • Certificate: Select the certificate to use
    • Protocol Settings: Choose your preference
  3. Go to Device (or Panorama) > Setup > Management
  4. Click the Gear icon on the General tab
  5. Click the drop-down on SSL/TLS Service Profile and select your profile
  6. Click OK
  7. Commit (NOTE: The web server process will restart and you will need to log back in)

 


  1. In the GUI, navigate to Device > Setup > Management > General Settings > SSL/TLS Service Profile. From the drop-down, select the SSL/TLS service profile configured above.

 


NOTE:
After you commit the changes, the web server daemon responsible for the web GUI restarts and you lose connectivity to the web GUI. Log in to the web GUI again; the certificate configured in the steps above is then used as the certificate for web management.

 

 

  1. For an HA deployment, certificates and SSL/TLS service profiles are not synced if they are referenced in system-specific configuration (i.e. management access) that is not synced.
    To update the certificate on the Secondary-Passive firewall, create a new SSL/TLS service profile with a unique name and associate it with the firewall.
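
A post-commit check for the steps above, as an added example that is not part of the original article or Palo Alto Networks tooling: it reads the certificate each HA peer's management interface presents and compares its SHA-256 fingerprint with the one you expect, which exposes a passive peer that still serves the old certificate. The hostnames and certificate bytes are constructed; it assumes the web GUI listens on TCP 443 and that you take the expected fingerprint from the certificate selected in the profile.

```python
import hashlib
import socket
import ssl


def fingerprint_sha256(der: bytes) -> str:
    """Lowercase hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' fingerprint notation."""
    return fp.replace(":", "").replace(" ", "").lower()


def fetch_served_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER certificate presented on the management interface.

    Chain validation is off because the fingerprint comparison below is the
    trust decision; nothing else is sent over this connection.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_peers(expected: dict, fetch=fetch_served_cert) -> dict:
    """Map each host to 'ok', 'mismatch' or 'unreachable'."""
    results = {}
    for host, want in expected.items():
        try:
            got = fingerprint_sha256(fetch(host))
        except OSError:  # covers refused, timed out and TLS errors
            results[host] = "unreachable"
            continue
        results[host] = "ok" if got == normalize(want) else "mismatch"
    return results


if __name__ == "__main__":
    # Constructed stand-ins for real certificates and hostnames.
    new_cert, old_cert = b"constructed-new-cert", b"constructed-old-cert"
    served = {"fw-active.example.net": new_cert, "fw-passive.example.net": old_cert}
    want = fingerprint_sha256(new_cert)
    print(check_peers({h: want for h in served}, fetch=served.__getitem__))
```

Run it after the commit completes and the web server has restarted; a "mismatch" on the passive peer means its own SSL/TLS service profile still needs to be created and committed.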

 



Additional Information


Are Certificates Synchronized Between Active/Passive or Active/Active HA Firewalls


