Error message "Failed to fetch device certificate"

Error message "Failed to fetch device certificate"

84308
Created On 03/24/22 19:37 PM - Last Modified 01/10/23 23:14 PM


Symptom


  • When trying to follow steps of Installing device certificate the certficate fetch fails.
  • System Logs display the error message "failed to fetch device certificate"
 critical general general 0 Failed to fetch device certificate.
  • CLI  command show device-certificate status displays similar error
Device Certificate information:
Last fetched timestamp: xx/xx/xx xx:xx:xx
Last fetched status: failure
Last fetched info: Failed to fetch device certificate.
Failed to send request to CSP server.
Error: Operation timed out after 60000 milliseconds with 0 bytes received
  • Retrying by generating the OTP again, but the issue persists.
Note: Security rule is permitting application "paloalto-shared-services".


​​​

Environment


  • PA-3250
  • PAN-OS 10.0.7
  • Default service route configured
  • MTU Set to Default 1500

Cause


Management interface MTU size is affecting the communication to the CSP server.

Resolution


  1. Lower the Management Interface MTU size below the configured default (Ex. set MTU to 1374). Refer MTU on management interface
  2. The certificate should be fetched by the Firewall after this change.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NlxCAE&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language