How to Delete Certificates on a Palo Alto Networks Firewall - Knowledge Base - Palo Alto Networks

How to Delete Certificates on a Palo Alto Networks Firewall

135279

Created On 09/26/18 13:55 PM - Last Modified 03/26/24 01:54 AM

Certificate Profile

Certificate Management

PAN-OS

Symptom

This document describes the steps to delete certificates on the Palo Alto Networks firewall via the WebGUI and CLI.

Environment

Palo Alto Firewalls
Supported PAN-OS
Certificates.

Resolution

Prerequisite:

Ensure the certificate to be deleted is not currently in use ( such as GlobalProtect / decryption etc)
The steps will fail if you try to delete a certificate that is currently being used.

Steps

On the WebGUI

Go to Device > Certificate Management > Certificates
Select the certificate to be deleted
Click Delete at the bottom of the page, and then click Yes in the confirmation dialog
Commit the configuration

On the CLI:

Run the following CLI commands to delete the web server certificate:

> configure   >>>(delete command below only works in configuration mode)
# delete deviceconfig system web-server-certificate
# commit
# exit

To delete the shared ssl-decrypt certificates:

> configure   >>>(delete command below only works in configuration mode)
# delete shared ssl-decrypt <value>

forward-trust-certificate          CA certificate for trusted sites
forward-untrust-certificate        CA certificate for untrusted sites
root-ca-exclude-list               List of predefined root CAs to not trust
ssl-exclude-cert                   ssl-exclude-cert
trusted-root-CA                    trusted-root-CA

# commit
# exit

Other users also viewed:

How to download GlobalProtect from the Customer Support Portal

Download and Install the GlobalProtect App for Windows

Resource List: GlobalProtect Configuring and Troubleshooting

PAN-OS Software Updates

Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)