sslsd-logo

How to move an SSL Certificate from Apache to Palo Alto Networks

Both Apache and Palo Alto Networks use x509 pem/crt/cer certificate files for their configurations. You will follow these steps to copy, move and import your files from Apache to the Palo Alto Networks system.

Apache systems are very customizable. The directory location and naming of the individual files needed vary depending on your personalized system.

Below are generalized instructions. You will have to apply these examples to your own environment. 

We will start by assuming that you have already successfully installed the SSL certificate on one Apache web server.How to move an SSL Certificate from Apache to Palo Alto Networks

Step 1: Finding/converting your SSL certificate and key file on Apache:

  1. Referencing the httpd.conf or ssl.conf  file on the Apache system look for the location and directories of the three files necessary on the Apache system that has the installed SSL certificate. “Of course remember your naming’s of these files and their directories MAY differ”
    • SSLCertificateFile /usr/local/ssl/crt/public.crt
      SSLCertificateFile tells Apache how to find the the SSL certificate file.
    • SSLCertificateKeyFile /usr/local/ssl/private/private.key
      SSLCertificateKeyFile tells Apache how to find the private key file.
    • SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
      SSLCertificateChainFile
      or SSLCACertificateFile tells Apache the location of the Intermediate file.
      apache

  2. Copy these three files and back them up on a removable media USB drive or an alternate drive directory that can be accessed by the Palo Alto Networks system you are moving to.
  3. Change the extensions of your  public.crt and your intermediate.crt files to the appropriate .cer extension i.e. public.cer & intermediate.cer

Step 2: Importing your SSL Certificate into Palo Alto Networks:

  1. Log into your Palo Alto Network system.How to move an SSL Certificate from Apache to Palo Alto Networks
  2. Go to Device > Certificate Management > Certificates.
  3. When importing your SSL certificate you must use the same Certificate Name used during CSR creation. You will see the status of the CSR request marked as Pending.
  4. Click the Import option at the bottom of the screen.
    How to move an SSL Certificate from Apache to Palo Alto Networks
  5. In the Import Certificate window, under Certificate Name specify a name of your choice.
  6. On Certificate File, click browse to specify the name and path of the public.cer SSL Certificate file you created.
  7. From the File Format drop down, make sure Base64 Encoded Certificate (PEM) is selected.
  8. Select Import private key
  9. Under Key File click browse to specify the location and path of your private.key file.
  10. If your private.key has a Passphrase associated with it specify this within the Passphrase and Confirm Passphrase fields.
  11. Click ok.
    How to move an SSL Certificate from Apache to Palo Alto Networks
  12. The SSL Certificate will now appear as valid and will be ready for any function you desire on the Palo Alto Network system.
    How to move an SSL Certificate from Apache to Palo Alto Networks

Congrats you have configured your Pulse Secure system with your new SSL Certificate.


If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.

Palo Alto Network Support:

For more information refer to Palo Alto

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »