How to renew a locally generated certificate (self-signed certificate)

How to renew a locally generated certificate (self-signed certificate)

92144
Created On 02/19/20 02:39 AM - Last Modified 06/24/25 19:23 PM


Objective


To renew a locally generated certificate (self-signed) to increase the expiry date.

Environment


  • PAN-OS 8.1 and above
  • Palo Alto Firewall.
  • Device certificates installed.

Procedure


  1. Select the certificate to be renewed under GUI : Device >  Certificate Management > Certificates
Device certificate
  1. Click on Renew and enter the new expiration Interval and Click OK.
Renew Certificate
 
  1. Expiration date is now modified to reflect the change.
New Expiration date
  1. Commit the changes.

Note:  If the certificate has a SAN field populated, it will be lost when renewing the cert. Refer to When renewing a certificate the SANs will be lost.

Additional Information


The certificate expiry date can only be increased and cannot be decreased.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POioCAG&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language