How to troubleshoot certificate fetch failure for Cortex Data Lake (CDL)

Created On 07/29/22 17:53 PM - Last Modified 08/23/23 22:40 PM


Objective


Troubleshooting certificate fetch failure for Cortex Data Lake (CDL)

Environment


  • Palo Alto Networks Firewall
  • Cortex Data Lake (CDL)


Procedure


  1. Check that the firewall is in sync with the NTP server:
    > show ntp
  2. Re-fetch the certificate:
    1. For release 10.1 or later, fetch the device certificate with the CLI command below, where <value> is the one-time password (OTP) needed to fetch the certificate from the Customer Support Portal (CSP) server:
      > request certificate fetch otp <value>  
    2. For release 10.0 or earlier, fetch the Logging-service certificate. The log file to check for issues during the fetch is ms.log. If issues are seen, fetch the Logging-service certificate manually with the CLI commands below:
      1. For a firewall managed by Panorama:
        > request logging-service-forwarding certificate fetch
      2. For an unmanaged firewall:
        > request logging-service-forwarding certificate fetch-noproxy pre-shared-key <value>
        Here, <value> is the pre-shared key from the Customer Support Portal (CSP).
      3. If you need to delete the CDL/logging service certificate before re-fetching it, use:
        > request logging-service-forwarding certificate delete
  3. If none of the above fixes your problem, then contact our technical support team.

