Error Deleting Certificate on PAN-OS - ssl-decrypt -> trusted-root-CA

Error Deleting Certificate on PAN-OS - ssl-decrypt -> trusted-root-CA

54055
Created On 09/25/18 19:44 PM - Last Modified 06/08/23 03:00 AM


Resolution


Issue

When attempting to delete a certificate that is used for SSL Decryption, even if not in use anywhere in the configuration, the following error appears:

Error deleting Certificate

Number of failed record(s): 1

    1- Failed to delete Certificate - tester3.

  ° tester3 cannot be deleted because of references from:

  ° ssl-decrypt -> trusted-root-CA

del-cert2.JPG.jpg

 

Cause

The certificate that is to be deleted has been designated as a Trusted Root CA. With the "Trusted Root CA" option selected, the Palo Alto Networks device will not allow you to delete the certificate, even if it is not used in the configuration. When a certificate is marked as "Trusted root CA", the device will attempt to use it in conjunction with the SSL Decrypt configuration, even though SSL Decryption is not being used.

 

Resolution

Uncheck "Trusted Root CA" from the certificate in question. This should allow you to delete the certificate, as long as it is not in use anywhere in the configuration.

del-cert.JPG.jpg

 

owner: jdelio
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcQCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language