Error message "Failed to fetch device certificate"

127251

Created On 03/24/22 19:37 PM - Last Modified 01/10/23 23:14 PM

Certificate Management

PAN-OS

Symptom

When trying to follow steps of Installing device certificate the certficate fetch fails.
System Logs display the error message "failed to fetch device certificate"

 critical general general 0 Failed to fetch device certificate.

CLI command show device-certificate status displays similar error

Device Certificate information:
Last fetched timestamp: xx/xx/xx xx:xx:xx
Last fetched status: failure
Last fetched info: Failed to fetch device certificate.
Failed to send request to CSP server.
Error: Operation timed out after 60000 milliseconds with 0 bytes received

Retrying by generating the OTP again, but the issue persists.

Note: Security rule is permitting application "paloalto-shared-services".

Environment

PA-3250
PAN-OS 10.0.7
Default service route configured
MTU Set to Default 1500

Cause

Management interface MTU size is affecting the communication to the CSP server.

Resolution

Lower the Management Interface MTU size below the configured default (Ex. set MTU to 1374). Refer MTU on management interface
The certificate should be fetched by the Firewall after this change.

Other users also viewed:

How to download GlobalProtect from the Customer Support Portal

Download and Install the GlobalProtect App for Windows

Resource List: GlobalProtect Configuring and Troubleshooting

PAN-OS Software Updates

Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)