We’re trying to obtain an SSL certificate for the web GUI of our Palo Alto firewall. I’ve generated a CSR file and am trying to verify my ownership for one of the firewall’s web GUI portals. As it’s not based on any web server etc. and the FW has only its own CLI, I can’t verify our ownership of this domain (via e.g. certbot). Could you please advise and suggest a way we can obtain a Let’s Encrypt certificate for this FW-based portal?
I’ve seen some of the steps for Cisco or Checkpoint FW in the community, but have seen nothing for Palo Alto.
Hi Steven,
Thanks for your reply. However, I’ve seen this thread and it doesn’t satisfy me at all. I’m waiting for someone who has knowledge about step-by-step verification of FQDN ownership or something similar.
It might not be very convenient to use Let’s Encrypt for this device because our certificates only last for 90 days and you may not be able to install certificates automatically. So, you might have to repeat a manual process relatively frequently.
If you can’t post files on a web server, you would be able to obtain a certificate using DNS verification. Do you have an API for your DNS provider? Or you could create a CNAME record for the _acme-challenge subdomain of your name and then point that at another DNS provider that can be updated by API.
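Added example, not part of the original thread: a Python sketch of the DNS records involved in the CNAME delegation described in the last reply, with the TXT value computed as RFC 8555 section 8.4 defines it. The host name, the delegated zone `acme-dns.example.net`, the token and the account thumbprint are all constructed placeholders; in practice the ACME client supplies the token and thumbprint.

```python
import base64
import hashlib


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value for a dns-01 challenge (RFC 8555 section 8.4):
    base64url(SHA-256(token || "." || account key thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def challenge_name(fqdn: str) -> str:
    """Name the CA queries. A wildcard is validated at its base name."""
    name = fqdn.rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    return f"_acme-challenge.{name}."


def delegation_plan(fqdn: str, delegated_zone: str,
                    token: str, account_thumbprint: str) -> dict:
    """Return the one-time CNAME (created by hand in the main zone) and the
    per-issuance TXT record (written by API in the delegated zone)."""
    owner = challenge_name(fqdn)
    base = owner[len("_acme-challenge."):].rstrip(".")
    target = f"{base}.{delegated_zone.strip('.').lower()}."
    value = dns01_txt_value(token, account_thumbprint)
    return {
        # Static: stays in place across renewals, so the main zone needs no API.
        "cname": f"{owner} 300 IN CNAME {target}",
        # Dynamic: replaced on every issuance, i.e. at least every 90 days.
        "txt": f'{target} 60 IN TXT "{value}"',
    }


if __name__ == "__main__":
    # Constructed sample inputs, not real challenge data.
    plan = delegation_plan("fw.example.com", "acme-dns.example.net",
                           "constructed-token", "constructed-thumbprint")
    print(plan["cname"])
    print(plan["txt"])
```

Because the CA follows the CNAME when it looks up `_acme-challenge`, only the delegated zone has to be writable by API, and the credentials for it cannot alter any other record in the main zone.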