Device certificate page does not load

Device certificate page does not load

7907
Created On 06/28/21 15:23 PM - Last Modified 12/06/22 04:22 AM


Symptom


  • Device Certificate page (Devices>Certificate Management >Device Certificates tab) is not loading on the Palo Alto Firewall.
  • All other tabs are loading including the Default Trusted Certificate Authorities tab.
  • This prevents the ability to generate or renew any certificate for use.

Environment


  • Palo Alto Firewall
  • Supported PAN-OS
  • Device Certificates.

Cause


Duplicate certificates having the same Common Name/Subject.

Example: Certificate "GlobalProtect" and "GPServCert1" both have the same common name (x.y.51.1) (Note: IP masked) 
<entry name="GlobalProtect" <issuer>/CN=x.y.51.1</issuer> <common-name>x.y.57.1</common-name> <expiry-epoch>1621518943</expiry-epoch> <ca>yes</ca> <subject>/CN=x.y.51.1</subject>

<entry name="GPServCert1" <issuer>/CN=GlobalProtectInt</issuer> <common-name>x.y.57.1</common-name> <expiry-epoch>1621521825</expiry-epoch> <ca>no</ca> <subject>/CN=x.y.51.1</subject>

 

 

 

Resolution


To resolve this issue, find duplicate certificates with that have the same Common Name/Subject and delete the certificate that is not needed.

  1. Delete certificates from the CLI use the following command:
> configure
# delete shared certificate <certificate_name>
# commit
# exit
  1. After Commit, the Device Certificate page should load correctly.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VjXCAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language