Install the Panorama Device Certificate
End-of-Life (EoL)

Install the Panorama device certificate to leverage Palo Alto Networks cloud services.
In PAN-OS 9.1.3 and later releases, you must install the device certificate on the Panorama™ management server to successfully authenticate Panorama with the Palo Alto Networks Customer Support Portal (CSP) and leverage cloud services such as Zero Touch Provisioning (ZTP), Device Telemetry, IoT, and Enterprise Data Loss Prevention (DLP). Panorama must have internet access to successfully install the device certificate.
If you are leveraging the Cloud Services plugin, you must have Cloud Services plugin 1.5 or later release installed to successfully install the Panorama device certificate.
  1. Register Panorama with the Palo Alto Networks Customer Support Portal (CSP).
  2. Configure the Network Time Protocol (NTP) server.
    An NTP server is required to validate the device certificate expiration date and to ensure that the device certificate does not expire early or become invalid.
    1. Log in to the Panorama Web Interface.
    2. Select Panorama > Setup > Services.
    3. Select NTP and enter the hostname pool.ntp.org as the Primary NTP Server or enter the IP address of your primary NTP server.
    4. (Optional) Enter a Secondary NTP Server address.
    5. (Optional) To authenticate time updates from the NTP server(s), for Authentication Type, select one of the following for each server.
      • None (default)—Disables NTP authentication.
      • Symmetric Key—Firewall uses symmetric key exchange (shared secrets) to authenticate time updates.
        • Key ID—Enter the Key ID (1-65534)
        • Algorithm—Select the algorithm to use in NTP authentication (MD5 or SHA1)
    6. Click OK to save your configuration changes.
    7. Select Commit and Commit to Panorama.
  3. Generate the One Time Password (OTP).
    1. Log in to the Customer Support Portal.
    2. Select Assets > Device Certificates and Generate OTP.
    3. For the Device Type, select Generate OTP for Panorama and Generate OTP.
    4. Select the Panorama Device serial number.
    5. Generate OTP and copy the OTP.
  4. Log in to the Panorama Web Interface as an admin user.
  5. Select Panorama > Setup > Management > Device Certificate Settings and Get certificate.
  6. Enter the One-time Password you generated and click OK.
  7. Panorama successfully retrieves and installs the certificate.
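
What the Symmetric Key option in step 2 protects, shown as an added example that is not from the Palo Alto Networks documentation: in standard NTP symmetric-key authentication the server appends the key ID and a digest of the shared secret concatenated with the 48-byte NTP header, and the client accepts the time update only if it can recompute that value. That Panorama follows this same scheme is an assumption; the key, key ID 10 and packet bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

# The two algorithms offered for NTP authentication in step 2.
DIGESTS = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def ntp_mac(key: bytes, key_id: int, header: bytes, algorithm: str) -> bytes:
    """Return the NTP authenticator: 4-byte key ID + digest(key || header)."""
    if not 1 <= key_id <= 65534:
        raise ValueError("key ID must be in the range 1-65534")
    if len(header) != 48:
        raise ValueError("NTP header must be 48 bytes")
    digest = DIGESTS[algorithm](key + header).digest()
    return struct.pack("!I", key_id) + digest


def verify_ntp_packet(packet: bytes, keys: dict, algorithm: str) -> bool:
    """Accept a packet only if its MAC matches a locally configured key."""
    digest_len = DIGESTS[algorithm]().digest_size
    if len(packet) != 48 + 4 + digest_len:
        return False  # unauthenticated packet or wrong algorithm
    header, mac = packet[:48], packet[48:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = keys.get(key_id)
    if key is None:
        return False  # key ID not configured on this client
    expected = ntp_mac(key, key_id, header, algorithm)
    return hmac.compare_digest(mac, expected)


# Constructed sample: LI=0, VN=4, mode=4 (server), stratum 2, other fields zeroed.
SAMPLE_HEADER = bytes([0x24, 2, 6, 0xEC]) + bytes(44)
SAMPLE_KEYS = {10: b"constructed-shared-secret"}  # key ID 10 is an arbitrary example


def demo() -> dict:
    good = SAMPLE_HEADER + ntp_mac(SAMPLE_KEYS[10], 10, SAMPLE_HEADER, "sha1")
    # Same MAC, but the transmit timestamp (last 8 header bytes) was altered.
    tampered = SAMPLE_HEADER[:40] + b"\xff" * 8 + good[48:]
    return {
        "authentic": verify_ntp_packet(good, SAMPLE_KEYS, "sha1"),
        "tampered": verify_ntp_packet(tampered, SAMPLE_KEYS, "sha1"),
        "unauthenticated": verify_ntp_packet(SAMPLE_HEADER, SAMPLE_KEYS, "sha1"),
    }


if __name__ == "__main__":
    print(demo())
```

With Authentication Type set to None, the bare 48-byte packet in the last case is the only kind the client ever sees, so a forged time update cannot be told apart from a genuine one.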