JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
 
Certificates
Our products range
Partners
Support
Focus


Generate a CSR for Palo Alto

Go to the Device - Certificate Management - Certificates - Device Certificatesmenu. If the appliance manages multile virtual systems (vsys), select the appropriate sytem via the Location menu.

Click Generate.

Enter a unique name for the certificate. If the certificat must be able for multiple vsys, check the Shared box.

In Signed By, select External Authority (CSR).

If you want to select an OCSP responder, it must have been previously created.

Now, configure the following certificate attributes:

  • CN: Common name / domain name / server name / FQDN:
    Indicate here your SSL server name, such as "secure.company.com", "www.my-domain.com" or "www.product.com". No IP address (learn more). No spaces nor blank characters.

    In the case you want to order a multiple-domains / SANs certificate, just enter the main address in the CSR. This one cannot be change during your certificate lifetime. Enter the other address to secure in the order form (those ones can be modified via reissuance).

    N.B.: Using certificates with internal names (xxx.local, yyy.priv, machine_name) or a domain that is not registered or controlled by IANA is disapproved by the CA/Browsers Forum and won't be accepted anymore by November 2015 (learn more).

  • O: Organisation / Company Name:
    indicate the corporate name of your company (no trade name or acronym), in uppercase preferably.

  • ST: State:
    in France indicate the name of the department where your company headquarters are based (not the number).

  • L: Location / City:
    indicate the city where your company headquarters are based.

  • C: Country:
    indicate FR if your company is in France, BE for Belgium, etc, in uppercase.

  • OU: Organisational unit / Department / Branch:
    We advise not to fill in this field or to enter a generic term such as "IT Department".

Click Generate. The Device Certificates list now contains an entry for your CSR with the state PendingSlect it and click Export to download your CSR.

See Also