How to configure certificate expiration check?

How to configure certificate expiration check?

35740
Created On 02/03/20 20:04 PM - Last Modified 03/03/22 17:34 PM


Objective


This article helps in configuring a firewall setting to create warning messages when on-box certificates near their expiration dates.
 

Environment


  • PAN-OS 7.1 and above
  • Palo Alto Firewall.

Procedure


Configuration for the certificate expiration check can be done through the Web-UI following the below steps:
  1. Log into the Web-UI of the Firewall.
  2. Navigate to Device> Setup> Management> General Settings.
  3. Click on the gear icon of the General Settings to edit.
  4. Enable the checkbox for "Certificate Expiration Check" as shown in the below screenshot.
  5. Commit Changes.

User-added image

Note: Please note that the certificate check is only for the Device Certificate of the FW and not for all the certificates present on the firewall under Device->Certificates.

Additional Information


  • A warning message appears on the System logs as below 15days before when the Device Certificate is about to expire.
image.png
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POWJCA4&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language