Install a Device Certificate
Focus
Focus

Install a Device Certificate

Table of Contents
End-of-Life (EoL)

Install a Device Certificate

Install a device certificate from the firewall.
Your next-generation firewall can leverage cloud services such as Device Telemetry and IoT. To do this, you must install a device certificate to successfully authenticate the firewall with the Palo Alto Networks Customer Support Portal (CSP) to leverage these cloud services. The circumstances under which a device certificate is required will differ from feature to feature, so install a device certificate only if the feature's setup documentation tells you that this needs to be done.
You only need to install a device certificate once. Every feature that uses device certificates will use the certificate installed on your firewall if it already exists.
You can install a device certificate to firewalls that are managed by Panorama. If you want to install a device certificate directly to a single next-generation firewall (that is, you are not using Panorama):
  1. Generate the One Time Password (OTP).
    1. Log in to the Customer Support Portal.
    2. Select AssetsDevice Certificates and Generate OTP.
    3. For the Device Type, select Generate OTP for Next-Gen Firewalls.
    4. Select your PAN OS Device serial number.
    5. Generate OTP and copy the OTP.
  2. Log in to your next-generation firewall as an admin user.
  3. Select DeviceSetupManagementDevice Certificate and Get certificate.
  4. Paste the One-time Password you generated and click OK.
  5. Your next-generation firewall successfully retrieves and installs the certificate.