Why am I getting PAN-OS Certificate Expiration alerts on MOTD and system logs even though all corrective steps have been taken as per advisory?

Why am I getting PAN-OS Certificate Expiration alerts on MOTD and system logs even though all corrective steps have been taken as per advisory?

9461
Created On 01/02/24 06:49 AM - Last Modified 01/18/24 23:17 PM


Question


Why am I getting PAN-OS Certificate Expiration alerts even though I have taken all corrective steps as per the advisory?
 
  • MOTD after login to PAN-OS GUI:
6.png
 
  • System logs on CLI:
Time                Severity Subtype Object EventID ID Description
===============================================================================
2024/01/01 06:32:21 critical dynamic        palo-al 0  Urgent Action required: PAN-OS Certificate Expiration on Dec 31 2023. For details, refer to the following Customer Advisory: https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672
2024/01/01 11:47:56 medium   dynamic        palo-al 0  Warning: PAN-OS Certificate expired on Dec 31, 2023. If you have already implemented the required steps please ignore this message. Otherwise please refer to the following Customer Advisory: https://live.paloaltonetworks.com/t5/customer-advisories/emergency-update-required-pan-os-root-and-default-certificate/ta-p/564672
 
  • System logs/Email Alerts:

2.png

 
 

Environment


  • All PAN-OS firewalls
  • Panorama

Answer


The message is broadcasted to all devices regardless of platform and PAN-OS versions. If all the corrective actions have been taken as per the advisory, it is safe to ignore the message/alerts and no further action is needed.

This is also indicated through another MOTD
5.png
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008WPICA2&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language