What are the certificate requirements when configuring IPSec using certificates?

Created On 11/06/25 09:08 AM - Last Modified 01/16/26 20:31 PM


Question


What are the certificate requirements when configuring IPSec using certificates?



Environment


  • Prisma Access
  • NGFW
  • IPsec


Answer


  1. Depending on the option chosen, the certificate needs a Subject Alternative Name (SAN) field or can have only a Common Name (CN):
    • IP - Taken from a SAN field; therefore, SAN is mandatory.
    • FQDN - Taken from a SAN field; therefore, SAN is mandatory.
    • Email address - Taken from a SAN field; therefore, SAN is mandatory.
    • Distinguished Name (Subject) - The subject is composed of multiple SAN and CN values; if the certificate does not have any SAN field, the subject is the CN.
  2. Certificates without SAN can only be used when "Distinguished Name" is selected.
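
A pre-upload check for the rules above, as an added example that is not part of the original article: it reads a PEM certificate with the openssl CLI and lists which of the four options it can back. The function names `ike_id_options` and `make_sample_cert`, the sample names and addresses, and the assumption that the SAN entry must be of the matching type (IP Address, DNS, email) are illustrative and not taken from the article.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Needs openssl 1.1.1 or later.

# List the options from the answer above that the PEM certificate in $1
# can back, one per line. Returns 1 if the file is not a certificate.
ike_id_options() {
    cert=$1
    openssl x509 -in "$cert" -noout -subject >/dev/null 2>&1 || return 1
    # A subject is always present, so Distinguished Name is always usable.
    echo "Distinguished Name"
    # Typical SAN text: "DNS:gw.example.test, IP Address:192.0.2.10, email:..."
    san=$(openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null || true)
    # Assumption: each option needs a SAN entry of the matching type.
    case $san in *"IP Address:"*) echo "IP" ;; esac
    case $san in *"DNS:"*) echo "FQDN" ;; esac
    case $san in *"email:"*) echo "Email address" ;; esac
}

# Build a throwaway self-signed certificate (constructed sample input).
# $1 = output file, $2 = CN, $3 = optional SAN list in openssl syntax.
make_sample_cert() {
    out=$1; cn=$2; san=${3:-}
    set -- -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$out.key" \
        -subj "/CN=$cn" -out "$out"
    if [ -n "$san" ]; then set -- "$@" -addext "subjectAltName=$san"; fi
    openssl req "$@" 2>/dev/null
}

# Without arguments, compare a SAN certificate with a CN-only one.
demo() {
    dir=$(mktemp -d)
    make_sample_cert "$dir/san.pem" gw.example.test \
        "DNS:gw.example.test,IP:192.0.2.10,email:vpn@example.test"
    make_sample_cert "$dir/cn-only.pem" gw.example.test
    for f in "$dir/san.pem" "$dir/cn-only.pem"; do
        echo "== ${f##*/}"; ike_id_options "$f"
    done
    rm -rf "$dir"
}
if [ $# -gt 0 ]; then ike_id_options "$1"; else demo; fi
```

Run it with a certificate path as the only argument to check a real file before selecting the option on the gateway.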

