Palo Alto Networks Knowledgebase: How to Generate a Certificate Signing Request (CSR) With a Multi-level Organizational Unit
How to Generate a Certificate Signing Request (CSR) With a Multi-level Organizational Unit
Created On 08/05/19 20:23 PM - Last Updated 08/05/19 20:36 PM
A Certificate Signing Request (CSR) with a multi-level organizational unit can be generated from the CLI using the following command:
> request certificate generate
Here are the options: * are required. + ca Make this a signing certificate + country-code Country code + days-till-expiry Number of days till expiry + digest Digest Algorithm + email Email address of the contact person + filename file name for the certificate + locality Locality + ocsp-responder-url ocsp-responder-url + organization Organization + signed-by signed-by + state State/province * algorithm algorithm * certificate-name Name of the certificate object * name IP or FQDN to appear on the certificate > alt-email Subject alternate Email type > hostname Subject alternate name DNS type > ip Subject alternate name IP type > organization-unit Department
Note: in PAN-OS 8.0, the algorithm option is required to generate a CSR.