How to install a Global Root CA certificate into the local computer certificate store.

As parts of the agent are running as SYSTEM and not under the logged on users account the agent might encounter connectivity issues if the required Root CA certificates are only installed in the "Users" certificate store and not in the "Local Machine" certificate store.

This article will provide a step by step guide explaining how to install the certificate in the "Local Machine's" “Trusted Root Certificate Authorities” store.

• NGFW
• Windows

1. Obtain the certificate you want to install.
2. Open up the run window by pressing "win-key"+"R" 
3. type "mmc" and hit "enter"
4. Hit "CTRL"+"M"
5. From the left column select "Certificates" and click "add"
6. Select "Computer account" and click "Next".
7. Select "Local Computer" click "Finish"
8. Click "OK"
9. Click "Certificates" in the left pane. 
10. Right click "Trusted Root Certificate Authorities" in the right pane.
11. From the right-click menu select "All Tasks" -> "Import..."
12. Click next.
13. Click "browse" and locate the certificate you want to install.
14. Click "Next".. "Next".. and "Finish".

For more information regarding the XDR agents connectivity requirements, please read the following page of our documentation.

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/set-up-endpoint-protection/enable-access-to-cortex-xdr0