Palo Alto Networks Knowledgebase: How to Generate a Certificate Signing Request (CSR) With a Multi-level Organizational Unit

How to Generate a Certificate Signing Request (CSR) With a Multi-level Organizational Unit

5419
Created On 08/05/19 20:23 PM - Last Updated 08/05/19 20:36 PM
Resolution

Details

A Certificate Signing Request (CSR) with a multi-level organizational unit can be generated from the CLI using the following command:

 

> request certificate generate

 

Here are the options: * are required.
+ ca                   Make this a signing certificate
+ country-code         Country code
+ days-till-expiry     Number of days till expiry
+ digest               Digest Algorithm
+ email                Email address of the contact person
+ filename             file name for the certificate
+ locality             Locality
+ ocsp-responder-url   ocsp-responder-url
+ organization         Organization
+ signed-by            signed-by
+ state                State/province
* algorithm            algorithm
* certificate-name     Name of the certificate object
* name                 IP or FQDN to appear on the certificate
> alt-email            Subject alternate Email type
> hostname             Subject alternate name DNS type
> ip                   Subject alternate name IP type
> organization-unit    Department

 

Note: in PAN-OS 8.0, the algorithm option is required to generate a CSR.

 

For example:

> request certificate generate organization-unit [OU1,OU2] signed-by external filename csr-site123 certificate-name site123 name site123.paloaltonetworks.com algorithm RSA rsa-nbits 1024

 

Successfully generated certificate and key pair : site123

 

The above command will generate a CSR with the following attributes:

Certificate Name: site123

Organizational Units: OU1 and OU2

Common Name: site123.paloaltonetworks.com

 

Inside of the WebGUI: Device > Certificate Management > Certificates > Device Certificates tab

You will see the pending certificate. In order to save the CSR request, click the certificate, then Export:

2017-12-27_csr-gui.jpg

 

 

owner: jteetsel



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbrCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language