When trying to import a cert with the private key bundled you get an error:
Import of certificate and private-key CERT-NAME failed. private key doesn't exist for csr.
Importing the signed cert with the same name as the CSR doesn't work. Panorama adds cert_ to the front of the name.
You need to put cert_ in front. For example, if the cert is called CERT-NAME, you put cert_CERT-NAME.
CSR import
Import the CA bundle if not done already
If you make duplicates, you will have to delete them on the CLI:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kHyVCAU&lang=en_US
tick your pending CSR
click import
give the same name as your CSR request
select the pem file
PEM file format
ok
commit
Importing SAML cert
Create new cert and make it active
Delete old/inactive cert
Wait a few minutes for cloud to do its thing
Download the .xml files
In Palo, delete the old certs and commit
Go into SAML IdP provider
Import
Untick validate checkbox
This will import the cert and create a SAML profile
Use your new SAML profile in your auth sequence
Test connection to GP etc