Palo Alto Networks Knowledgebase: Workaround for Certificate Warning when Accessing the GUI via HTTPS

Created On 02/08/19 00:05 AM - Last Updated 02/08/19 00:05 AM
Issue

When accessing the GUI via HTTPS, the browser will verify the certificate presented by the firewall. Because the firewall uses a self-signed certificate by default, this causes the browser to warn about the certificate's validity.

 

Resolution

To prevent this from happening:

  • Create a root certificate, then create a server certificate that is signed by the root certificate. The root certificate should be used as the Trusted Root CA, and the server certificate should be used as the certificate for the secure Web GUI.


 

  • The server certificate host name is the firewall management IP address or DNS name that is used as the URL in the browser. The browser verifies this value against the certificate. Leave the host name blank if the Common Name field has the firewall management IP address.


 

  • Import the root certificate into the browser's trusted root certificate folder and the server certificate into the Personal certificates folder.

  • Access the firewall WebGUI. There should be no certificate warning.


  • The certificate details show it was signed by a now trusted certificate authority.
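
The trust relationship these steps set up can be reproduced offline with openssl, as an added example that is not part of the original article: a root CA signs a server certificate for the management address, and verification succeeds only when that root is the trust anchor and the address matches. The address 192.0.2.10, the name "Lab Root CA" and the helper names are constructed for illustration; the address goes in a subjectAltName entry because that is the field openssl's IP check reads.

```shell
#!/usr/bin/env bash
# Added example, not from the KB article. MGMT_IP and "Lab Root CA" are constructed values.
MGMT_IP="192.0.2.10"

# make_chain DIR IP: create root.crt (self-signed CA) and server.crt (signed by it) in DIR.
make_chain() {
  local dir="$1" ip="$2"
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Server certificate extensions: not a CA, valid only for this address.
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=IP:%s\n' "$ip" > "$dir/server.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/ca.cnf" \
    -subj "/CN=Lab Root CA" -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
    -subj "/CN=$ip" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
    -CAcreateserial -days 30 -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null
}

# trusted_for DIR ANCHOR IP: succeed only if DIR/server.crt chains to ANCHOR and names IP.
trusted_for() {
  openssl verify -CAfile "$2" -verify_ip "$3" "$1/server.crt" >/dev/null 2>&1
}

demo() {
  local a b
  a=$(mktemp -d) && b=$(mktemp -d) || return 1
  make_chain "$a" "$MGMT_IP" && make_chain "$b" "$MGMT_IP" || return 1
  trusted_for "$a" "$a/root.crt" "$MGMT_IP" && echo "signing root trusted, address matches: no warning"
  trusted_for "$a" "$b/root.crt" "$MGMT_IP" || echo "a different root trusted: warning"
  trusted_for "$a" "$a/root.crt" "192.0.2.99" || echo "address not in certificate: warning"
  rm -rf "$a" "$b"
}
demo
```
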


 

owner: ssunku


