This four-part guide provides quick instructions on how to generate a CSR Code and install an SSL Certificate on Palo Alto Networks. The first two sections focus on the technical aspect, while the latter segments contain a brief history of Palo Alto, as well as useful tips on where to buy the best SSL Certificate for Palo Alto Networks.

If you’ve already applied for an SSL certificate and generated the CSR code elsewhere, feel free to skip part one and jump straight to the installation guidelines. Use the links below to navigate between sections.

Generate a CSR code on Palo Alto Networks

To generate CSR code for your Palo Alto Network system, please follow the steps below:

  1. Log into your Palo Alto Network Dashboard
  2. Select the Device tab, and in the left section expand the Certificate Management tree and click on Certificates
  3. Move your cursor to the bottom of the screen and click Generate
  4. The Generate Certificate window will appear. Please, enter the following information:
    • Certificate Type: select Local
    • Certificate Name: give your SSL Certificate a friendly name
    • Common Name: enter the FQDN (fully-qualified domain name) you want to secure (e.g.,
    • Note: For a wildcard SSL Certificate, add an asterisk (*) in front of the domain name. For example,*
    • Signed by: from the drop-down list, select External Authority (CSR)
    • Certificate Authority:  Leave the radio button blank
    • OCSP responder: leave the default setting
    • Algorithm: RSA
    • Number of bits: select 2048 bits
    • Digest: sha256
    • Expiration (days): leave this field blank
  5. Next, you need to fill in the Certificate Attributes. Click add to submit the required details:
    • Country: enter the two-letter ISO code of your country. For example, US
    • State: write the full name of the state where your company is registered. For instance, Hawaii
    • Locality: type the full name of the city where your business is located. For example, Honolulu
    • Organization: specify the full legal name of your company. For instance, Your Company LLC
  6. Verify the info you’ve just submitted and then click Generate
  7. A pop-up window message will confirm the creation of your CSR and private key files
  8. To export and save your CSR file, check the box next to the Certificate Name, and click Export at the bottom of the page
  9. You can open the CSR code with any text editor such as Notepad. During the SSL enrollment process, you’ll need to copy the CSR contents into the corresponding box on your SSL vendor’s page
  10. The private key will remain on the Palo Alto Network system.

Install an SSL Certificate on Palo Alto Networks

After your CA validates your SSL request and sends the necessary SSL files to your email, you can continue with the SSL installation.

Prepare your SSL files

Download the ZIP folder and extract your primary and intermediate certificates. To install them on Palo Alto, you will have to merge them into a single file. Here’s how to do it:

  1. Open your primary SSL Certificate and copy the full text including —–BEGIN CERTIFICATE—– and —– END CERTIFICATE —–tags
  2. Create a new plain text document and paste the certificate’s content. Make sure you haven’t left any white spaces or extra line breaks
  3. Now, open your intermediate certificate and copy-paste its contents into the new plain text document you’ve just created, right under your primary SSL Certificate.

    Note: If you receive more than one intermediate certificate from your CA, place the second intermediate cert under the first.

  4. Your new plain text Notepad document should look like this:
    (SSL Certificate encrypted data)
    (Intermediate CA encrypted data)
  5. Save your Notepad SSL file containing primary and intermediate certificates with the same name as your CSR file.

Import your SSL Certificate

  1. Log into your Palo Network dashboard
  2. Select the Device Certificates tab, and in the left section expand the Certificate Management tree and click on Certificates
  3. At the bottom of the screen, click Import
  4. In the Import Certificate window, next to Certificate Name, enter the name of your SSL Certificate. It must be the same as the CSR name.
  5. Click Browse to locate your .cer SSL file. Leave the private key-related radio buttons blank.
  6. Click OK. The Device Certificates tab should display the certificate status as Valid.
  7. Click the certificate Name, and select the checkboxes relevant to your configuration on the firewall.
  8. Click OK, then Commit.

Congratulations, you’ve successfully installed an SSL Certificate on Palo Alto Networks.

Palo Alto Networks’ history

Palo Alto Networks is an American cybersecurity company specializing in network security and cloud computing. Founded in 2005 by Israeli-American Nir Zuk, the company developed and shipped its first firewall product in 2007.

Palo Alto Networks offers the following products:

  • Next-generation firewalls
  • Panorama network security control center
  • Traps advanced endpoint protection
  • Wildfire cloud-based threat analysis service
  • Logging Service
  • Application Framework cloud-delivered service

In 2018, Palo Alto Networks was listed 8th in the famous Forbes Digital 100 ranking.  The latest version of the  PAN-OS (the software that runs all Palo Alto Networks’ firewalls) is 10.2, last updated on August 8, 2022.

Where to buy the best SSL Certificate for Palo Alto Networks?

If you’re searching for affordable SSL Certificates, then SSL Dragon is your best SSL vendor. Our fast and user-friendly website will guide you through the entire range of SSL Certificates. All our products are signed by trusted Certificate Authorities and are compatible with Palo Alto Networks. We offer the following SSL validation types:

  • Domain Validation
  • Business Validation
  • Extended Validation
  • Wildcard
  • Multi-Domain
  • Code Signing
  • IP Address
  • Email/Documents

We bring you the best prices on the market and stellar customer support for any certificate you buy. And, if you’re struggling to find the perfect cert for your project, our SSL Wizard and Advanced Certificate Filter tools will give you quick suggestions.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.