Skip to main content

How to install SSL certificates on PaloAlto firewall appliance

User-added image

Before you begin...

  • Never share private keys files.

  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method ( e-mail is not considered a secure method of transfer ).

  • It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.

  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.

  • For more information on SSL/TLS Best Practices, click here .

Get your CSR:

1. Navigate to Device-> Certificate Management -> Certificates

2. Select “ Generate ” at the bottom of the screen

3. On the new page:

a. Name the certificate

b. Enter the common name

c. Select “External Authority (CSR)

d. Modify the cryptographic settings if required

e. Enter certificate attributes (eg. Country, State, OU)

f. Press generate

4. Export your CSR. Select the checkbox beside the desired certificate and press export on the bottom of the page and save the file.

How to Import CSR

1. After going through steps 1-3 in previous section, select Import at the bottom of the page

2. Type out the certificate name (It must be exactly the same as the one that was exported)

3. Locate the signed certificate file and upload it

4. Don’t select “Import private key” as it already resides on the firewall

5. Press OK .

The certificate will now show as valid as well as the expiry date for the certificate.


If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country

Number

Australia

0011 - 800-3687-7863
1-800-767-513

Austria

00 - 800-3687-7863

Belgium

00 - 800-3687-7863

Denmark

00 - 800-3687-7863

Finland

990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)

France

00 - 800-3687-7863

Germany

00 - 800-3687-7863

Hong Kong

001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)

Ireland

00 - 800-3687-7863

Israel

014 - 800-3687-7863

Italy

00 - 800-3687-7863

Japan

001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)

Korea

001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)

Malaysia

00 - 800-3687-7863

Netherlands

00 - 800-3687-7863

New Zealand

00 - 800-3687-7863
0800-4413101

Norway

00 - 800-3687-7863

Singapore

001 - 800-3687-7863

Spain

00 - 800-3687-7863

Sweden

00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)

Switzerland

00 - 800-3687-7863

Taiwan

00 - 800-3687-7863

United Kingdom

00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088