Error Deleting Certificate on PAN-OS - ssl-decrypt -> trusted-root-CA
Created On 09/25/18 19:44 PM - Last Updated 02/07/19 23:58 PM
Zone and DoS Protection
When attempting to delete a certificate that is used for SSL Decryption, even if not in use anywhere in the configuration, the following error appears:
Error deleting Certificate
Number of failed record(s): 1
1- Failed to delete Certificate - tester3.
° tester3 cannot be deleted because of references from:
° ssl-decrypt -> trusted-root-CA
The certificate that is to be deleted has been designated as a Trusted Root CA. With the "Trusted Root CA" option selected, the Palo Alto Networks device will not allow you to delete the certificate, even if it is not used in the configuration. When a certificate is marked as "Trusted root CA", the device will attempt to use it in conjunction with the SSL Decrypt configuration, even though SSL Decryption is not being used.
Uncheck "Trusted Root CA" from the certificate in question. This should allow you to delete the certificate, as long as it is not in use anywhere in the configuration.