How to check if Panorama Server Certificate has been successfully extended or upgraded
Resolution
The Article is in reference to another customer-facing article which talks about the Panorama Certificate Expiration.
The two options to mitigate this issue is following:
Option 1: Upgrade software on Panorama and all log collectors to the maintenance releases listed below:
- Panorama / log collector version 7.1.9
- Panorama / log collector version 7.0.15
- Panorama / log collector version 6.1.17
Option 2: Update the content on Panorama and all log collectors to content version 700 or later:
However, once you have used any one of the option to upgrade the certificate, please follow the following steps to verify that the certificate validity is extended.
Chrome Browser:
1. Open Chrome Browser and type "https://<mgmt ip of Panorama>:3978" and Click Enter.
2. At this point the Panorama will ask for mutual authentication and the web browser will present all the certificates present in its Personal Store, so click Cancel.
3. The connection will show "Not Secure" so press F12 in order to inspect the certificate. (cmd+opt+i on a Mac)
4. Navigate from Elements to Security tab.
5. Click "View Certificate"
6. Once the certificate opens, please navigate to "Certification Path"
7. The Panorama server certificate is signed by the Root CA "localhost" - This is the certificate that was expiring on June 16th. We need top verify if the validity of this certificate is extended or not.
8. Click "localhost" certificate and then click "view Certificate"
9. Notice the validity of Root Certifiacte is extended.