How to Delete Certificates on a Palo Alto Networks Firewall

How to Delete Certificates on a Palo Alto Networks Firewall

Created On 09/26/18 13:55 PM - Last Updated 02/07/19 23:40 PM



This document describes the steps to delete certificates on the Palo Alto Networks firewall via the WebGUI and CLI.

Note: Please make sure the certificate to be deleted is not currently in use, as it will not allow you to delete a certificate that is currently being used inside of the config.


On the WebGUI

  1. Go to Device > Certificate Management > Certificates
  2. Select the certificate to be deleted
  3. Click Delete at the bottom of the page, and then click Yes in the confirmation dialog
  4. Commit the configuration

On the CLI

  • Run the following CLI commands to delete the web server certificate:
    > configure
    # delete deviceconfig system web-server-certificate
    # commit
    # exit

  • To delete the shared ssl-decrypt certificates:
    > configure
    # delete shared ssl-decrypt <value>

forward-trust-certificate                                       CA certificate for trusted sites

forward-untrust-certificate                                 CA certificate for untrusted sites

root-ca-exclude-list                                                 List of predefined root CAs to not trust

ssl-exclude-cert                                                         ssl-exclude-cert

trusted-root-CA                                                           trusted-root-CA

owner: schaganti

  • Print
  • Copy Link

Choose Language