Palo Alto Networks Knowledgebase: How to Delete Certificates on a Palo Alto Networks Firewall

How to Delete Certificates on a Palo Alto Networks Firewall

12712
Created On 02/07/19 23:40 PM - Last Updated 02/07/19 23:40 PM
Policy
Resolution

Overview

This document describes the steps to delete certificates on the Palo Alto Networks firewall via the WebGUI and CLI.

Note: Please make sure the certificate to be deleted is not currently in use, as it will not allow you to delete a certificate that is currently being used inside of the config.

Steps

On the WebGUI

  1. Go to Device > Certificate Management > Certificates
  2. Select the certificate to be deleted
  3. Click Delete at the bottom of the page, and then click Yes in the confirmation dialog
  4. Commit the configuration
    delete.PNG.png

On the CLI

  • Run the following CLI commands to delete the web server certificate:
    > configure
    # delete deviceconfig system web-server-certificate
    # commit
    # exit

  • To delete the shared ssl-decrypt certificates:
    > configure
    # delete shared ssl-decrypt <value>

forward-trust-certificate                                       CA certificate for trusted sites

forward-untrust-certificate                                 CA certificate for untrusted sites

root-ca-exclude-list                                                 List of predefined root CAs to not trust

ssl-exclude-cert                                                         ssl-exclude-cert

trusted-root-CA                                                           trusted-root-CA

owner: schaganti



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1uCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language