The Default Trusted Certificate Authorities store (DeviceCertificate ManagementCertificatesDefault Trusted Certificate Authorities) contains certificates from the most common and trusted certificate authorities (CAs). Palo Alto Networks Next-Generation Firewalls use these preinstalled certificates to secure connections to the internet. The trusted CA store displays the name, subject, issuer, expiration date, and validity status of each certificate in the list.

You can enable, disable, or export CA certificates from the store. To add additional enterprise CA certificates to your firewall, obtain the certificates and import them to Device Certificates (DeviceCertificate ManagementCertificates, then Device Certificates).