Does the Device Certificate renew automatically?

Created On 08/25/22 16:32 PM - Last Modified 01/08/26 08:18 AM


Question


Does the Device Certificate renew automatically without the firewall Admin's intervention?

Environment


  • Palo Alto Firewalls and Panorama
  • Supported PAN-OS versions.
  • Device Certificates.


Answer


  1. The Device certificate for the device has a lifetime of 90 days.
  2. The device will do nightly checks and automatically renew the certificate 15 days before the current certificate expires.
  3. The current certificate will be used for renewal authentication.
  4. If the device is unable to renew the certificate within the 15-day period for any reason, the device certificate expires. An expired certificate cannot be used to renew the certificate, so the client/firewall admin must manually renew the Device certificate.
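
A fleet check built on the timeline above, as an added example that is not Palo Alto Networks code: it flags devices whose certificate is still unrenewed several days into the 15-day window, before expiry forces a manual renewal. The hostnames, expiry times and the 3-day stall threshold are assumptions; expiry times would come from your own inventory.

```python
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=15)  # from the article: auto-renewal starts 15 days before expiry
STALL_AFTER = timedelta(days=3)    # assumption: this many failed nightly checks merit an alert


def renewal_state(not_after, now):
    """Classify one device certificate by its expiry time (90-day lifetime)."""
    window_opens = not_after - RENEW_WINDOW
    if now >= not_after:
        # An expired certificate cannot authenticate its own renewal.
        return "EXPIRED_MANUAL_RENEWAL"
    if now < window_opens:
        return "OK"
    # A successful renewal replaces the certificate and moves not_after forward,
    # so a certificate that is still inside the window days later was not renewed.
    if now - window_opens >= STALL_AFTER:
        return "RENEWAL_STALLED"
    return "RENEWING"


def triage(inventory, now):
    """Return (host, state, days_left) for devices needing attention, most urgent first."""
    rows = []
    for host, not_after in inventory.items():
        state = renewal_state(not_after, now)
        if state in ("EXPIRED_MANUAL_RENEWAL", "RENEWAL_STALLED"):
            rows.append((host, state, (not_after - now).days))
    return sorted(rows, key=lambda row: row[2])


# Constructed sample inventory: hostname -> certificate expiry (UTC).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "fw-edge-01": NOW + timedelta(days=40),   # outside the renewal window
    "fw-edge-02": NOW + timedelta(days=14),   # window opened yesterday
    "fw-branch-07": NOW + timedelta(days=5),  # 10 days into the window, not renewed
    "panorama-01": NOW - timedelta(days=2),   # already expired
}

if __name__ == "__main__":
    for host, state, days_left in triage(SAMPLE, NOW):
        print(f"{host}: {state} ({days_left} days to expiry)")
```

A device reported as RENEWAL_STALLED still holds a valid certificate, so fixing its outbound connectivity lets the nightly check renew it without manual intervention.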


Additional Information


 


An expired device certificate may be renewed automatically on the first boot during the upgrade process if the device has outbound internet access and the necessary FQDNs and ports are allowed on your network to reach the Customer Support Portal.


