Unable to Access Web Console via HTTPS

Unable to Access Web Console via HTTPS

73714
Created On 09/25/18 20:34 PM - Last Modified 06/16/21 02:29 AM


Symptom
  • SSL-TLS profile with certificates has been configured for HTTPS authentication to Firewall.
  • After few days of operation, HTTPS access is not working
  • SSH is working fine.


Environment
  • Palo Alto Firewall.
  • PAN-OS 8.1 and above.
  • Management access using HTTPS
  • SSL-TLS profile configured.


Cause
The certificate is expired or other issues with the certificate.

Resolution

Option1:

  • If the SSL TLS profile used for management is known delete the same. This way the management access starts using the default certificate.
  • For example, The following command deletes the SSL TLS profile used for HTTPS access named profile-1

> configure
# delete deviceconfig system ssl-tls-service-profile
# delete shared ssl-tls-service-profile profile-1
# commit
# exit

​​​​​
Option2:
  1. Since SSH access is possible, a new certificate can be created from the CLI.
  2. Add the certificate to the SSL TLS profile
  3. Use the newly configured certificate and SSL profile to be used for HTTPS.

Example below:

> request certificate generate ca yes certificate-name <cert name> name <IP or FQDN> algorithm RSA rsa-nbits 2048
> configure
# set shared ssl-tls-service-profile <profile name> certificate <cert name> protocol-settings min-version tls1-0 max-version tls1-2
# set deviceconfig system ssl-tls-service-profile <profile name>
# commit
# exit

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cli0CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language