Uploading an updated intermediate device certificate through Panorama fails with the error "Import of <Cert-Name> failed. private key doesn't exist for csr"

Created On 10/26/23 11:53 AM - Last Modified 01/27/25 21:23 PM


Symptom


  •  A new intermediate certificate is imported under the same name as the current intermediate certificate, to replace it in the same chain without breaking the chain.
  •  The import fails with the error: "Import of <Certificate-Name> failed. private key doesn't exist for csr"
  •  configd.log shows an internal error when the import is attempted:
04:17:53.618 -0700 Error:  insert_cert_node(pan_ops_common_cert.c:674): private key doesn't exist for csr
04:17:53.618 -0700 Error:  insert_cert_by_path_or_content(pan_ops_common_cert.c:1692): Internal error. Failed to insert xml node
  •  Both certificates share the same attributes such as issued-to/issued-by, Subject Key Identifier (SKI), and Authority Key Identifier (AKI), but some attributes are updated (e.g. validity date).


Environment


  • Palo Alto Networks Firewall
  • Panorama
  • Supported PAN-OS
  • Certificate Management


Resolution


  1. Upload the new intermediate certificate to Panorama under a different name:
    • Navigate to Templates > Device > Choose the Template > Certificate Management > Certificates > Import.
    • Click Browse and load the certificate.
    • Enter a new name in the Certificate Name field.
  2. Delete the old intermediate certificate from the Panorama CLI:
admin@Panorama> configure
admin@Panorama# delete template <Template_Name> config sys vsys<#> certificate <Old-Certificate-Name>


Additional Information


Once the steps above are done, the new certificate will take the old one's place in the chain.
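
A pre-import check for the condition described under Symptom (same issued-to/issued-by, SKI and AKI, with only attributes such as the validity date updated), as an added example that is not part of the original article or of PAN-OS. It assumes both certificates are available as local PEM files and that the OpenSSL 1.1.1+ command line is installed; the function names and the constructed self-signed test certificates are hypothetical stand-ins.

```shell
#!/usr/bin/env bash
# Added example, not from the KB article. Requires the openssl CLI (1.1.1+).

# field FILE OPTION: print one attribute of a PEM certificate.
field() { openssl x509 -in "$1" -noout "$2" 2>/dev/null; }

# key_ids FILE: print the SKI and AKI extensions of a PEM certificate.
key_ids() {
    openssl x509 -in "$1" -noout \
        -ext subjectKeyIdentifier,authorityKeyIdentifier 2>/dev/null
}

# same_chain_position OLD NEW: return 0 when NEW matches OLD on subject,
# issuer, public key and SKI/AKI, and NEW is readable and not expired.
same_chain_position() {
    local old=$1 new=$2 rc=0 opt
    for opt in -subject -issuer -pubkey; do
        if [ "$(field "$old" "$opt")" != "$(field "$new" "$opt")" ]; then
            echo "MISMATCH: ${opt#-}" >&2; rc=1
        fi
    done
    if [ "$(key_ids "$old")" != "$(key_ids "$new")" ]; then
        echo "MISMATCH: SKI/AKI" >&2; rc=1
    fi
    if ! openssl x509 -in "$new" -noout -checkend 0 >/dev/null 2>&1; then
        echo "INVALID: new certificate is expired or unreadable" >&2; rc=1
    fi
    # Validity is expected to differ; print it so the change is visible.
    echo "old $(field "$old" -enddate)"
    echo "new $(field "$new" -enddate)"
    return "$rc"
}

# make_constructed_certs DIR: write constructed test certificates into DIR.
# old.pem and new.pem share a key and subject; other.pem uses a fresh key.
make_constructed_certs() {
    local d=$1 subj="/CN=Constructed Intermediate CA"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/k.pem" \
        -subj "$subj" -days 30 -out "$d/old.pem" 2>/dev/null &&
    openssl req -x509 -new -key "$d/k.pem" \
        -subj "$subj" -days 365 -out "$d/new.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/k2.pem" \
        -subj "$subj" -days 365 -out "$d/other.pem" 2>/dev/null
}

# Command-line use: script.sh OLD.pem NEW.pem
if [ "$#" -eq 2 ]; then same_chain_position "$1" "$2"; fi
```

A non-zero exit status means the new file is not a like-for-like replacement for the old intermediate and should be checked before it is imported.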
