Palo Alto Networks – CSR Generation

Palo Alto Networks - CSR GenerationTo generate a Certificate Signing Request (CSR), a key pair must be created for the server. These two items are a public key and a private key pair and cannot be separated.

When generating your CSR from your Palo Alto Network system your private key will be left on the system.

To generate a CSR for your Palo Alto Network system perform the following.

Step 1: Generating your CSR:

  1. Log into your Palo Alto Network system.
  2. Go to Device > Certificate Management > Certificates.
    Palo Alto Networks - CSR Generation
  3. On the bottom of the screen, click Generate.
    Palo Alto Networks - CSR Generation
  4. In the Generate Certificate window Specify the following:
    1. Certificate Type: Select Local.
    2. Certificate Name: Specify a friendly name for this certificate (save this name for later)  Example domain.com2018
    3. Common Name: Specify the Fully Qualified Domain Name.
    4. Signed By: From the drop down menu, select External Authority (CSR).
    5. Certificate Authority: Leave blank Do NOT check.
    6. OCSP responder: Leave as is default.
    7. Algorithm: Select RSA.
    8. Number of bits: 2048 bits or greater.
    9. Digest: sha256
    10. Expiration (days): Ignore
      1. Certificate Attributes:
        Under Certificate Attributes field you will click Add and specify the following fields as it applies to your organization.

        1. Country: The two letter ISO country code.
        2. State: The business registered state or province (Do not abbreviate).
        3. Locality: The Business registered location (not the actual server location).
        4. Organization: The Registered Organizational Name the certificate belongs to.
  5. When everything is set click Generate.
    Palo Alto Networks - CSR Generation
  6. You will get a confirmation window pop up stating that the keypair csr creation is complete.

Step 2: Exporting your CSR to submit to your Certificate Authority:

  1. Click the box nest to the Certificate Name to select the CSR certificate request.
  2. Click Export and save the file.
    Palo Alto Networks - CSR Generation

Congrats! Your private key pair has now been created on this system. Your CSR request has been created. You will open this file in notepad and copy and paste its contents into the enrollment portal of the Certificate Authority you are getting your SSL Certificate from. 

Note: When submitting a CSR to a CA authority, you may be asked to specify either the type of Web server on which the certificate was created or the type of Web server the certificate is for.  Select Apache (if more than one option with apache is available, choose other).


If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.

Palo Alto Network Support:

For more information refer to Palo Alto

For a correct set of SSL installation instructions into your Palo Alto Network system click here

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »