How to Delete Certificates on a Palo Alto Networks Firewall

Created On 09/26/18 13:55 PM - Last Modified 03/26/24 01:54 AM


Symptom


This document describes the steps to delete certificates on the Palo Alto Networks firewall via the WebGUI and CLI.



Environment


  • Palo Alto Firewalls 
  • Supported PAN-OS
  • Certificates


Resolution


Prerequisite:

  • Ensure the certificate to be deleted is not currently in use (for example, by GlobalProtect or decryption).
  • The steps will fail if you try to delete a certificate that is currently in use.
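
One way to check this prerequisite offline against an exported configuration file is sketched below. This is an added example, not Palo Alto Networks code: the function name, the sample XML and the assumption that certificate definitions sit under a `certificate` element are all hypothetical, and the sample is a constructed, simplified fragment whose element names follow the CLI paths shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified config fragment (not a real export). Element names
# follow the CLI paths on this page; the <certificate> store is an assumption.
SAMPLE_CONFIG = """
<config>
  <shared>
    <certificate>
      <entry name="old-portal-cert"><common-name>portal.example.com</common-name></entry>
      <entry name="decrypt-ca"><common-name>Decrypt CA</common-name></entry>
      <entry name="unused-cert"><common-name>lab.example.com</common-name></entry>
    </certificate>
    <ssl-decrypt>
      <forward-trust-certificate>decrypt-ca</forward-trust-certificate>
    </ssl-decrypt>
  </shared>
  <devices><entry name="localhost.localdomain">
    <deviceconfig><system>
      <web-server-certificate>old-portal-cert</web-server-certificate>
    </system></deviceconfig>
  </entry></devices>
</config>
"""

def find_references(config_xml, cert_name, store_tag="certificate"):
    """Return sorted paths of elements that refer to cert_name by text or by
    name attribute, skipping the certificate's own definition in the store."""
    root = ET.fromstring(config_xml)
    hits = []

    def walk(elem, path, in_store):
        here = f"{path}/{elem.tag}"
        name = elem.get("name")
        if name:
            here += f"[@name='{name}']"
        in_store = in_store or elem.tag == store_tag
        text = (elem.text or "").strip()
        if not in_store and (text == cert_name or name == cert_name):
            hits.append(here)
        for child in elem:
            walk(child, here, in_store)

    walk(root, "", False)
    return sorted(hits)

if __name__ == "__main__":
    for cert in ("old-portal-cert", "decrypt-ca", "unused-cert"):
        print(cert, "->", find_references(SAMPLE_CONFIG, cert) or "no references found")
```

The match is by name only, so treat an empty result as a hint that the certificate is a deletion candidate; the firewall itself still rejects the delete if the certificate is in use.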

 

Steps

On the WebGUI

  1. Go to Device > Certificate Management > Certificates
  2. Select the certificate to be deleted
  3. Click Delete at the bottom of the page, and then click Yes in the confirmation dialog
  4. Commit the configuration

On the CLI:

  1. Run the following CLI commands to delete the web server certificate:
    > configure   >>>(delete command below only works in configuration mode)
    # delete deviceconfig system web-server-certificate
    # commit
    # exit
  2. To delete the shared ssl-decrypt certificates:
    > configure   >>>(delete command below only works in configuration mode)
    # delete shared ssl-decrypt <value>

    where <value> is one of the following:

    forward-trust-certificate          CA certificate for trusted sites
    forward-untrust-certificate        CA certificate for untrusted sites
    root-ca-exclude-list               List of predefined root CAs to not trust
    ssl-exclude-cert                   ssl-exclude-cert
    trusted-root-CA                    trusted-root-CA

    # commit
    # exit
    

 

 


