Why is the system log logging "No valid device certificate found"?
133230
Created On 09/02/20 00:32 AM - Last Modified 08/01/22 01:46 AM
Question
Why is the system log logging "No valid device certificate found"?
Example:
- System Log:
2020/09/01 04:04:06 high general general 0 No valid device certificate found 2020/08/31 04:03:34 high general general 0 No valid device certificate found 2020/08/30 04:03:02 high general general 0 No valid device certificate found 2020/08/29 04:04:30 high general general 0 No valid device certificate found 2020/08/28 04:03:58 high general general 0 No valid device certificate found 2020/08/27 04:03:26 high general general 0 No valid device certificate found 2020/08/26 20:35:00 high general general 0 No valid device certificate found
- WebUI
Environment
- Palo Alto Firewall.
- PAN-OS 9.1.2 and above.
Answer
- In order to use the cloud services such as IoT Security, DLP, and Device Telemetry in PAN-OS version in 10.0.0, 9.1.2, 8.1.14 or later, a device certificate is required.
- If no a device certificate is installed:
- No valid device certificate found log will be generated in the system log.
- Device certificate not found will be shown in the Device Certificate Tab.
To resolve:
- Log in to the Customer Support Portal
- Select Assets > Device Certificates and Generate OTP.
- For the Device Type, select Generate OTP for Next-Gen Firewalls.
- Select your PAN OS Device serial number.
- Generate OTP and copy the OTP.
- Log in to your next-generation firewall as an admin user.
- Select Device > Setup > Management > Device Certificate and Get Certificate.
- Paste the One-time Password you generated and click OK.
- Your next-generation firewall successfully retrieves and installs the certificated.
Note: After a correct device certificate is successfully installed.
Additional Information
For more details on installing a device certificate, click this link: Install a Device Certificate