: Change a Client Certificate
Focus
Focus

Change a Client Certificate

Table of Contents
End-of-Life (EoL)

Change a Client Certificate

Complete the following task to replace a client certificate.
  1. Obtain or generate the device certificate.
    You can deploy certificates on Panorama or a server Log Collector by generating a self-signed certificate on Panorama or obtaining a certificate from your enterprise CA or a trusted third-party CA.
    Set the common name to $UDID or subject to CN=$UDID (in the SCEP profile) if authorizing client devices based on serial number.
    • You can generate a self-signed certificate on Panorama or obtain a certificate from your enterprise CA or a trusted third-party CA.
    • If you are using SCEP for the device certificate, configure a SCEP profile. SCEP allows you to automatically deploy certificates to managed devices. When a new client devices with a SCEP profile attempts to authenticate with Panorama, the certificate is sent by the SCEP server to the device.
  2. Change the certificate in the certificate profile.
    1. Select DeviceCertificate ManagementCertificate Profile and select the certificate profile.
    2. Under CA Certificates, Add the new certificate to assign to the certificate profile.
    3. Click OK.
    4. Commit your changes.