Palo Alto Networks Knowledgebase: Error Deleting Certificate on PAN-OS - ssl-decrypt -> trusted-root-CA

Error Deleting Certificate on PAN-OS - ssl-decrypt -> trusted-root-CA

3159
Created On 02/07/19 23:58 PM - Last Updated 02/07/19 23:58 PM
Device Management Initial Configuration Installation QoS Zone and DoS Protection
Resolution

Issue

When attempting to delete a certificate that is used for SSL Decryption, even if not in use anywhere in the configuration, the following error appears:

Error deleting Certificate

Number of failed record(s): 1

    1- Failed to delete Certificate - tester3.

  ° tester3 cannot be deleted because of references from:

  ° ssl-decrypt -> trusted-root-CA

del-cert2.JPG.jpg

 

Cause

The certificate that is to be deleted has been designated as a Trusted Root CA. With the "Trusted Root CA" option selected, the Palo Alto Networks device will not allow you to delete the certificate, even if it is not used in the configuration. When a certificate is marked as "Trusted root CA", the device will attempt to use it in conjunction with the SSL Decrypt configuration, even though SSL Decryption is not being used.

 

Resolution

Uncheck "Trusted Root CA" from the certificate in question. This should allow you to delete the certificate, as long as it is not in use anywhere in the configuration.

del-cert.JPG.jpg

 

owner: jdelio



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcQCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language