One certificate can be used for multiple purposes using Subject Alternate Names.
If using a certificate for VPN there can be a DNS host entry for vpn.yourcompany.com
If using a certificate for Palo Alto Networks firewall GUI access there may be a DNS host entry for the name of the firewall "pan-fw01.yourcompany.com"
Instead of generating multiple certificates, one certificate can be generated and it given multiple "Common Names"
In Public Certificate Authorities, "Subject Alternate Names" can be used and this can also be done with self signed certificates.
Follow the steps below:
When generating the certificate, give the certificate a "Common Name" that will be used to resolve to a DNS host entry. In the example below, this certificate was made a private CA, but this technique can be used for generating CSR's as well: To generate the certificate go to Devices > Certificates and click "Generate".
Add the "Subject Alternate Names" by going to "Certificate Attributes" and selecting "Host Name" or "IP Address:
Verify that the Subject Alternate Names have been added by exporting the certificate and "Double clicking" it to open. Notice the "Subject" is still the host entry that was applied for the Common Name but now has a "Subject Alternate Names.
This will now allow safe access to different URL's using the newly generated certificate.