How to configure certificate expiration check? - Knowledge Base - Palo Alto Networks

How to configure certificate expiration check?

47754

Created On 02/03/20 20:04 PM - Last Modified 03/03/22 17:34 PM

Certificate Profile

Certificate Management

8.1

8.0

7.1

9.0

9.1

PAN-OS

Objective

This article helps in configuring a firewall setting to create warning messages when on-box certificates near their expiration dates.

Environment

PAN-OS 7.1 and above
Palo Alto Firewall.

Procedure

Configuration for the certificate expiration check can be done through the Web-UI following the below steps:

Log into the Web-UI of the Firewall.
Navigate to Device> Setup> Management> General Settings.
Click on the gear icon of the General Settings to edit.
Enable the checkbox for "Certificate Expiration Check" as shown in the below screenshot.
Commit Changes.

Note: Please note that the certificate check is only for the Device Certificate of the FW and not for all the certificates present on the firewall under Device->Certificates.

Additional Information

A warning message appears on the System logs as below 15days before when the Device Certificate is about to expire.

Other users also viewed:

How to download GlobalProtect from the Customer Support Portal

Download and Install the GlobalProtect App for Windows

Resource List: GlobalProtect Configuring and Troubleshooting

PAN-OS Software Updates

Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)