How is the renewal process initiated when a device certificate gets closer to its expiration date?

Created On 03/22/22 02:18 AM - Last Modified 05/25/23 02:59 AM


Question


How is the renewal process initiated when a Device Certificate gets closer to its expiration date?

Environment


  • Panorama
  • PA-Series Next-Generation Firewalls
  • Device Certificate


Answer


  1. The lifetime of a Device Certificate is set to 90 days.
  2. The device performs a nightly check and automatically renews its certificate 15 days prior to the expiration of the existing certificate. The existing certificate is used to authenticate the renewal.
  3. If for any reason the device cannot renew its certificate within the 15-day window (for example, the device is offline for a long time and then comes back online), the Device Certificate expires. The expired certificate will not be used to renew, so the customer needs to go through the certificate onboarding process again (refer to Install a Device Certificate).
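
As an added example (not Palo Alto Networks code), the timing rules above can be turned into a fleet check that flags devices likely to miss the renewal window and need re-onboarding. The inventory format, device names, dates and the max_silence threshold are assumptions constructed for illustration; real issue and expiry dates would come from each device's certificate.

```python
from datetime import date, timedelta

LIFETIME = timedelta(days=90)      # article: Device Certificate lifetime
RENEW_WINDOW = timedelta(days=15)  # article: renewal begins 15 days before expiry


def classify(not_after, today):
    """State of one certificate, at day granularity (assumption: a certificate
    counts as expired on its not_after date)."""
    if today >= not_after:
        return "expired"            # cannot authenticate renewal: re-onboard
    if today >= not_after - RENEW_WINDOW:
        return "renewal-window"     # the nightly check should be renewing now
    return "valid"


def needs_attention(inventory, today, max_silence=timedelta(days=2)):
    """Return (name, state, days_left) for devices that are expired, or are in
    the renewal window but have not been seen recently (likely offline)."""
    flagged = []
    for dev in inventory:
        not_after = dev["issued"] + LIFETIME
        state = classify(not_after, today)
        offline = today - dev["last_seen"] > max_silence
        if state == "expired" or (state == "renewal-window" and offline):
            flagged.append((dev["name"], state, (not_after - today).days))
    return sorted(flagged, key=lambda row: row[2])


# Constructed sample inventory (hypothetical device names and dates).
TODAY = date(2024, 3, 20)
INVENTORY = [
    {"name": "fw-hq-01", "issued": date(2024, 2, 10), "last_seen": date(2024, 3, 20)},
    {"name": "fw-branch-07", "issued": date(2024, 1, 1), "last_seen": date(2024, 3, 1)},
    {"name": "fw-lab-03", "issued": date(2023, 12, 1), "last_seen": date(2024, 1, 15)},
    {"name": "fw-branch-02", "issued": date(2024, 1, 3), "last_seen": date(2024, 3, 20)},
]

if __name__ == "__main__":
    for name, state, days_left in needs_attention(INVENTORY, TODAY):
        print(f"{name}: {state}, {days_left} day(s) to expiry")
```

A negative days_left means the certificate has already expired, so that device has to go through onboarding again; a flagged device in the renewal window still has time to renew if it is brought back online before expiry.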

