How to Install a Chained Certificate Signed by a Public CA
When configuring a Palo Alto Networks Next-Generation Firewall, a certificate signed by a trusted public Certificate Authority (CA) may be desired on:
- Captive Portal ("CP") pages
- Response Pages
- GlobalProtect ("GP") Portal
Many public CAs use chained certificates, that is, certificates not signed by the Root CA itself, but one or more Intermediate CAs. These are usually owned and operated by the same CA but gives that CA flexibility and ease of revocation if a problem arises.
- PAN-OS 7.1 and above.
- Any Palo Alto Firewall.
- Any Panorama.