How to Generate a CSR code on Palo Alto Networks

  1. After Log into your Palo Alto Network Dashboard, navigate to Device >Certificate Management Certificates

2. click on Generate in the bottom of the page.

3. The Generate Certificate window will appear. Please, enter the following information:

Certificate Type: check Local

Certificate Name: give your SSL Certificate a friendly name

Common Name: enter the FQDN (fully-qualified domain name) you want to secure (e.g., vpn.pafirewall.com)

Note: For a wildcard SSL Certificate, add an asterisk (*) in front of the domain name. For example,*.pafirewall.com

Signed by: from the drop-down list, select External Authority (CSR)

Certificate Authority: Don’t check the radio button. Leave it blank

OCSP responder: leave the default setting

Algorithm: RSA

Number of bits: select 2048 bits

Digest: sha256

Expiration (days): leave this field blank

4. Click Add in the Certificate Attributes and enter the required details:

Country: enter the two-letter ISO code of your country. For example, US

State: write the full name of the state where your company is registered. For instance, Hawaii

Locality: type the full name of the city where your business is located. For example, Honolulu

Organization: specify the full legal name of your company. For instance, Your Company LLC

5. Click Generate. You will have Generate Certificate popup. Click OK to complete it.

6. Click Export at the bottom of the page. The Status changes to Pending. Note: you should import the new SSL ASAP. Otherwise, you may have a problem to login.

7. the CSR will be saved to the local folder, for example Download.

Note: The private key will remain on the Palo Alto Network system.

Published by

Bob Lin

Bob Lin, Chicagotech-MVP, MCSE & CNE Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com