Both Apache and Palo Alto Networks use x509 pem/crt/cer certificate files for their configurations. You will follow these steps to copy, move and import your files from Apache to the Palo Alto Networks system.
Apache systems are very customizable. The directory location and naming of the individual files needed vary depending on your personalized system.
Below are generalized instructions. You will have to apply these examples to your own environment.
We will start by assuming that you have already successfully installed the SSL certificate on one Apache web server.
Step 1: Finding/converting your SSL certificate and key file on Apache:
- Referencing the httpd.conf or ssl.conf file on the Apache system look for the location and directories of the three files necessary on the Apache system that has the installed SSL certificate. “Of course remember your naming’s of these files and their directories MAY differ”
- SSLCertificateFile /usr/local/ssl/crt/public.crt
SSLCertificateFile tells Apache how to find the the SSL certificate file. - SSLCertificateKeyFile /usr/local/ssl/private/private.key
SSLCertificateKeyFile tells Apache how to find the private key file. - SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
SSLCertificateChainFile or SSLCACertificateFile tells Apache the location of the Intermediate file.
- SSLCertificateFile /usr/local/ssl/crt/public.crt
- Copy these three files and back them up on a removable media USB drive or an alternate drive directory that can be accessed by the Palo Alto Networks system you are moving to.
- Change the extensions of your public.crt and your intermediate.crt files to the appropriate .cer extension i.e. public.cer & intermediate.cer
Step 2: Importing your SSL Certificate into Palo Alto Networks:
- Log into your Palo Alto Network system.
- Go to Device > Certificate Management > Certificates.
- When importing your SSL certificate you must use the same Certificate Name used during CSR creation. You will see the status of the CSR request marked as Pending.
- Click the Import option at the bottom of the screen.
- In the Import Certificate window, under Certificate Name specify a name of your choice.
- On Certificate File, click browse to specify the name and path of the public.cer SSL Certificate file you created.
- From the File Format drop down, make sure Base64 Encoded Certificate (PEM) is selected.
- Select Import private key
- Under Key File click browse to specify the location and path of your private.key file.
- If your private.key has a Passphrase associated with it specify this within the Passphrase and Confirm Passphrase fields.
- Click ok.
- The SSL Certificate will now appear as valid and will be ready for any function you desire on the Palo Alto Network system.
Congrats you have configured your Pulse Secure system with your new SSL Certificate.
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.
Palo Alto Network Support:
For more information refer to Palo Alto