How to ensure device certificate can be deleted

Created On 04/25/22 10:35 AM - Last Modified 03/13/25 21:36 PM


Objective


  • Deleting a certificate that is in use fails; every reference to the certificate must be removed first.
  • This article uses a device certificate as an example and lists the references to check before deleting it.


Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • Certificates


Procedure


  1. If the certificate is a Trusted Root CA, go to Device > Certificate Management > Certificates > Device Certificates. Verify that all certificates signed by the Root CA have been deleted before attempting to delete the Root CA.
  2. Verify that the "Trusted Root CA" option for the certificate is unchecked before attempting the delete.
  3. If the certificate is used in a GlobalProtect configuration, verify that no GlobalProtect Portal or Gateway references an SSL/TLS Service Profile that contains any of the certificates to be deleted. Go to Network > GlobalProtect > Portals / Gateways.
  4. Verify that the certificate to be deleted is not referenced in any SSL/TLS Service Profile. Go to Device > Certificate Management > SSL/TLS Service Profile.
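
The reference checks in steps 2 to 4 can also be run offline against an exported configuration file. The script below is an added example, not Palo Alto Networks code: it lists every element that names the certificate, then follows the chain to objects that reference those (for example, a portal that uses a profile that uses the certificate). The sample XML is constructed and its element names are simplified assumptions; the search matches on names only, so it does not depend on the exact schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are simplified assumptions, not an exact PAN-OS schema.
SAMPLE_CONFIG = """
<config>
  <shared>
    <certificate><entry name="old-cert"/></certificate>
    <ssl-tls-service-profile>
      <entry name="gp-profile"><certificate>old-cert</certificate></entry>
    </ssl-tls-service-profile>
    <ssl-decrypt><trusted-root-CA><member>old-cert</member></trusted-root-CA></ssl-decrypt>
  </shared>
  <global-protect-portal>
    <entry name="portal-1"><ssl-tls-service-profile>gp-profile</ssl-tls-service-profile></entry>
  </global-protect-portal>
</config>
"""

def _label(elem):
    name = elem.get("name")
    return f"{elem.tag}[@name='{name}']" if name else elem.tag

def _walk(elem, path, owner):
    """Yield (path, name of enclosing named element, text) for each element with text."""
    path = path + [_label(elem)]
    owner = elem.get("name") or owner
    if elem.text and elem.text.strip():
        yield "/".join(path), owner, elem.text.strip()
    for child in elem:
        yield from _walk(child, path, owner)

def find_references(xml_text, cert_name):
    """Return (target, path) pairs that reference cert_name directly or through another object."""
    nodes = list(_walk(ET.fromstring(xml_text.strip()), [], None))
    found, seen, queue = [], {cert_name}, [cert_name]
    while queue:
        target = queue.pop(0)
        for path, owner, text in nodes:
            if text == target:
                found.append((target, path))
                if owner and owner not in seen:  # follow the object that holds the reference
                    seen.add(owner)
                    queue.append(owner)
    return found

if __name__ == "__main__":
    for target, path in find_references(SAMPLE_CONFIG, "old-cert"):
        print(f"{target!r} is referenced at {path}")
```

An empty result means no element names the certificate; step 1 (certificates signed by a Root CA) is not covered and still needs the check in the web interface.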


Additional Information


How To delete certificates on a Palo Alto Networks Firewall? 
Error Deleting Certificates on PAN-OS - SSL-DECRYPT -> TRUSTED-ROOT-CA 


