PAN-OS - Generating a Certificate on the CLI

For my PKI on my LAN I needed a few certificates signed by my CA Intermediate certificate. The CA is created on my PA-220.

Creating a private key and certificate using the PAN OS web interface is ok. But as soon as you have to make multiple for a side project is gets cumbersome real quick. The CLI is in those cases more convenient. You can prepare the commands in a text editor and with a simple search and replace all the different certificates are prepared. The syntax is straight forward. Mind you spaces…

request certificate generate country-code <two letter code> email <email address> locality <city> organization "<name of organization>" state <state> hostname [ ] signed-by <name of CA certificate> algorithm <RSA or ECDSA> rsa-nbits <bits> certificate-name <name of the certificate in the webinterface> name <common name on the certificate>