{"id":4571,"date":"2023-01-20T09:46:01","date_gmt":"2023-01-20T17:46:01","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=4571"},"modified":"2023-01-20T09:46:04","modified_gmt":"2023-01-20T17:46:04","slug":"how-to-generate-a-csr-certificate-signing-request-import-the-signed-certificate-in-palo-alto","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=4571","title":{"rendered":"How to Generate a CSR (Certificate Signing Request) &#038; Import the Signed Certificate in Palo Alto"},"content":{"rendered":"\n<p><strong>Environment<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>PAN-OS 7.1 and above.<\/li><li>Palo Alto Firewall.<\/li><\/ul>\n\n\n\n<p><strong>Resolution<\/strong><\/p>\n\n\n\n<p>PAN-OS includes a feature to create a Certificate Signing Request (CSR). This feature can create a Certificate Signing Request (CSR) for sending to a public third-party Certificate Authority like Verisign, Globalsign, Entrust, and so on&#8230;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"toc-hId-1158995245\">Steps<\/h3>\n\n\n\n<p><strong>Generate the CSR<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Go to&nbsp;<em>Device &gt; Certificate Management &gt; Certificates.<\/em><br><img decoding=\"async\" alt=\"Certificate screen 1 - 7.1.png\" src=\"https:\/\/knowledgebase.paloaltonetworks.com\/servlet\/rtaImage?eid=ka14u000000HeXu&amp;feoid=00N0g000003VPSv&amp;refid=0EM0g000001AeFf\"><\/li><li>Click &#8216;Generate&#8217; at the bottom of the screen.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/knowledgebase.paloaltonetworks.com\/servlet\/rtaImage?eid=ka14u000000HeXu&amp;feoid=00N0g000003VPSv&amp;refid=0EM0g000001AeFh\" alt=\"Certificate screen 2 - 7.1.png\" title=\"Certificate screen 2 - 7.1.png\"\/><\/figure>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\"><li>Fill in the Certificate Name (save this name for later), Common Name (usually the FQDN), and select &#8220;External Authority (CSR)&#8221; for Signed By.<br><strong>Note:<\/strong>&nbsp;<strong>Do not select &#8216;Certificate Authority.&#8217;<\/strong><\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/knowledgebase.paloaltonetworks.com\/servlet\/rtaImage?eid=ka14u000000HeXu&amp;feoid=00N0g000003VPSv&amp;refid=0EM0g000001AeFd\" alt=\"Certificate screen 3 - 7.1.png\" title=\"Certificate screen 3 - 7.1.png\"\/><\/figure>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\"><li>Complete the remaining details such as Country, Organization, and so on. Check with the Certificate Authority (CA) about their requirements for Certificate Attribute formatting and criteria.&nbsp;Click Generate to create the CSR.<br>&nbsp;<\/li><li>You should see the confirmation window when this is complete.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/knowledgebase.paloaltonetworks.com\/servlet\/rtaImage?eid=ka14u000000HeXu&amp;feoid=00N0g000003VPSv&amp;refid=0EM0g000001AeFr\" alt=\"Certificate screen 4 - 7.1.png\" title=\"Certificate screen 4 - 7.1.png\"\/><\/figure>\n\n\n\n<p><strong>Export the CSR<\/strong><\/p>\n\n\n\n<p>You will need to export the CSR to send to a third-party CA for signature:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Click the checkbox next to the Certificate Name or any whitespace on that line to select it.<br>&nbsp;<\/li><\/ol>\n\n\n\n<p><img decoding=\"async\" alt=\"Certificate screen 5 - 7.1.png\" src=\"https:\/\/knowledgebase.paloaltonetworks.com\/servlet\/rtaImage?eid=ka14u000000HeXu&amp;feoid=00N0g000003VPSv&amp;refid=0EM0g000001AeFk\"><br><br><strong>Note<\/strong>: Newer PAN-OS will display&nbsp;<em><strong>Export Certificate<\/strong><\/em>&nbsp;instead of&nbsp;<strong><em>Export<\/em><\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\"><li>Click&nbsp;<strong>Export&nbsp;or Export Certificate&nbsp;<\/strong>and save the file.<\/li><li>Send the exported CSR to a third-party Certificate Authority. The CA will respond with a signed certificate.<\/li><\/ol>\n\n\n\n<p><strong>Import the Signed Certificate<\/strong><br>&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Note the name, including capitalization, of the certificate to import. (<strong>This must match the CSR request from above.)<\/strong><\/li><li>Click the Import option at the bottom of the screen.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/knowledgebase.paloaltonetworks.com\/servlet\/rtaImage?eid=ka14u000000HeXu&amp;feoid=00N0g000003VPSv&amp;refid=0EM0g000001AeFp\" alt=\"Certificate screen 6 - 7.1.png\" title=\"Certificate screen 6 - 7.1.png\"\/><\/figure>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\"><li>In the Import Certificate dialog, type the name of the pending certificate. It&nbsp;<strong>must match<\/strong>&nbsp;exactly.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/knowledgebase.paloaltonetworks.com\/servlet\/rtaImage?eid=ka14u000000HeXu&amp;feoid=00N0g000003VPSv&amp;refid=0EM0g000001AeFb\" alt=\"Certificate screen 7 - 7.1.png\" title=\"Certificate screen 7 - 7.1.png\"\/><\/figure>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\"><li>Click browse to select the signed certificate received from the Certificate Authority and click OK.<br>(<strong>Note<\/strong>: Do&nbsp;<strong>not<\/strong>&nbsp;click the Import Private Key checkbox as the private key is already on the firewall).<br>&nbsp;<\/li><li>Depending on the certificate authority used, it may be necessary to chain the intermediate certificate with the server certificate and import it before completing this step. For more information, refer&nbsp;<a href=\"http:\/\/live.paloaltonetworks.com\/docs\/DOC-4289\" target=\"_blank\" rel=\"noreferrer noopener\">How to Install a Chained Certificate Signed by a Public CA<\/a>.<\/li><li>Click OK. The certificate now appears valid and the key checkbox is selected. (CA checkbox will remain empty as it is not valid for this example.)<img decoding=\"async\" alt=\"csr.png\" src=\"https:\/\/knowledgebase.paloaltonetworks.com\/servlet\/rtaImage?eid=ka14u000000HeXu&amp;feoid=00N0g000003VPSv&amp;refid=0EM0g000001AeFe\"><\/li><\/ol>\n\n\n\n<p>A new, third-party signed certificate can now be used for GlobalProtect or any other function.<\/p>\n\n\n\n<p>Ref: <a href=\"https:\/\/knowledgebase.paloaltonetworks.com\/KCSArticleDetail?id=kA10g000000ClSxCAK\">How to Generate a CSR (Certificate Signing Request) &amp; Import th&#8230; &#8211; Knowledge Base &#8211; Palo Alto Networks<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Environment PAN-OS 7.1 and above. Palo Alto Firewall. Resolution PAN-OS includes a feature to create a Certificate Signing Request (CSR). This feature can create a Certificate Signing Request (CSR) for sending to a public third-party Certificate Authority like Verisign, Globalsign, Entrust, and so on&#8230; Steps Generate the CSR Go to&nbsp;Device &gt; Certificate Management &gt; Certificates. <a class=\"read-more\" href=\"https:\/\/SUMMALAI.COM\/?p=4571\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13,9,1161],"tags":[1468],"class_list":["post-4571","post","type-post","status-publish","format-standard","hentry","category-firewalls","category-networks","category-palo-alto","tag-generate-a-csr-palo-alto"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4571","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4571"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4571\/revisions"}],"predecessor-version":[{"id":4572,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4571\/revisions\/4572"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4571"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4571"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4571"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}