Panorama Template Stack doesn't inherit Trusted Root CA setting from Template

Panorama Template Stack doesn't inherit Trusted Root CA setting from Template

1898
Created On 01/23/23 20:39 PM - Last Modified 05/14/24 02:21 AM


Symptom


Panorama Template Stack doesn't inherit Trusted Root CA setting from Template when another Device Certificate in the template stack is configured as Trusted Root CA.

Environment


  • Panorama appliances.
  • PAN-OS 8.1 and above
  • Certificates

Cause


Per design, Trusted Root CA setting for a CA must be configured as part of the template configuration and not part of the template stack configuration.

Resolution


  1. Delete Trusted Root CA setting from the template stack configuration via WebUI or CLI
  2. Commit the configuration
CLI commands below:
> configure
# delete template-stack TEMPLATE_STACK_NAME config shared ssl-decrypt trusted-root-CA
# commit 
# exit
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sab6CAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail