Home / Tutorials / Generate a CSR on Palo Alto Networks

How to Generate a CSR on Palo Alto Networks?

In this tutorial, we will show you how to generate a CSR on Palo Alto Network system.

Please follow the steps below:

  1. Log into your Palo Alto Network Dashboard
  2. Select the Device tab, and in the left section expand the Certificate Management tree and click on Certificates
  3. Move your cursor to the bottom of the screen and click Generate
  4. The Generate Certificate window will appear. Please, enter the following information:
    • Certificate Type: select Local
    • Certificate Name: give your SSL Certificate a friendly name
    • Common Name: enter the FQDN (fully-qualified domain name) you want to secure (e.g., yoursite.com)
      Note: For a wildcard SSL Certificate, add an asterisk (*) in front of the domain name. For example,*.yoursite.com
    • Signed by: from the drop-down list, select External Authority (CSR)
    • Certificate Authority:  Leave the radio button blank
    • OCSP responder: leave the default setting
    • Algorithm: RSA
    • Number of bits: select 2048 bits
    • Digest: sha256
    • Expiration (days): leave this field blank
  5. Next, you need to fill in the Certificate Attributes. Click add to submit the required details:
    • Country: enter the two-letter ISO code of your country. For example, US
    • State: write the full name of the state where your company is registered. For instance, Hawaii
    • Locality: type the full name of the city where your business is located. For example, Honolulu
    • Organization: specify the full legal name of your company. For instance, Your Company LLC
  6. Verify the info you’ve just submitted and then click Generate
  7. A pop-up window message will confirm the creation of your CSR and private key files
  8. To export and save your CSR file, check the box next to the Certificate Name, and click Export at the bottom of the page

You can open the CSR code with any text editor such as Notepad. During the SSL enrollment process, you’ll need to copy the CSR contents into the corresponding box on your SSL vendor’s page

The private key will remain on the Palo Alto Network system.