Does the Device Certificate renew automatically?

Does the Device Certificate renew automatically?

3482
Created On 08/25/22 16:32 PM - Last Modified 07/28/25 18:07 PM


Question


Does the Device Certificate renew automatically without the firewall Admin's intervention?

Environment


  • Palo Alto Firewalls and Panorama
  • Supported PAN-OS versions.
  • Device Certificates.

Answer


  1. The Device certificate for the device has a lifetime of 90 days.
  2. The device will do nightly checks and automatically renew the certificate 15 days before the current certificate expires.
  3. The current certificate will be used for renewal authentication.
  4. If the device is unable to renew the certificate within the 15-day period for any reason, The device certificate expires, and the expired certificate cannot be used to renew the certificate, thus the client/firewall admin must manually renew the Device certificate.

Additional Information
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wlNcCAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language