- After Log into your Palo Alto Network Dashboard, navigate to Device >Certificate Management > Certificates
2. click on Generate in the bottom of the page.
3. The Generate Certificate window will appear. Please, enter the following information:
Certificate Type: check Local
Certificate Name: give your SSL Certificate a friendly name
Common Name: enter the FQDN (fully-qualified domain name) you want to secure (e.g., vpn.pafirewall.com)
Note: For a wildcard SSL Certificate, add an asterisk (*) in front of the domain name. For example,*.pafirewall.com
Signed by: from the drop-down list, select External Authority (CSR)
Certificate Authority: Don’t check the radio button. Leave it blank
OCSP responder: leave the default setting
Algorithm: RSA
Number of bits: select 2048 bits
Digest: sha256
Expiration (days): leave this field blank
4. Click Add in the Certificate Attributes and enter the required details:
Country: enter the two-letter ISO code of your country. For example, US
State: write the full name of the state where your company is registered. For instance, Hawaii
Locality: type the full name of the city where your business is located. For example, Honolulu
Organization: specify the full legal name of your company. For instance, Your Company LLC
5. Click Generate. You will have Generate Certificate popup. Click OK to complete it.
6. Click Export at the bottom of the page. The Status changes to Pending. Note: you should import the new SSL ASAP. Otherwise, you may have a problem to login.
7. the CSR will be saved to the local folder, for example Download.
Note: The private key will remain on the Palo Alto Network system.