pa_upload_web_cert
Description
Extract a certificate and private key from a PFX archive (stored under /mnt/automation/cert_cache/<vpnname>), import the PKCS#12 into the target Palo Alto firewall as a keypair named ssl-web-interface-cert, update the ssl-tls-service-profile (ssl-web-interface) to reference the imported cert, and commit the firewall.
Credentials
- panos_username / panos_password
- domain_user / domain_password (Passwordstate API)
Input
| Variable | Description |
|---|---|
| target | IP or hostname of the Palo Alto device where the certificate will be imported |
| marvin_output | Data structure (from previous job) that contains a pid used to retrieve the PFX password from Passwordstate |
| domain_user, domain_password | Credentials/API user for Passwordstate to fetch the PFX password |
| panos_username, panos_password | Firewall credentials used for the import and commit |
| vpnname | Derived from target (short hostname) and used to locate files under /mnt/automation/cert_cache/{{ vpnname }} |
Output
- Imported PKCS#12 keypair into the firewall named `ssl-web-interface-cert`.
- Updated the `ssl-tls-service-profile` entry `ssl-web-interface` to reference the imported certificate.
- A firewall commit is performed to apply the changes.
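
Because vpnname is derived from target and then used as a directory name under /mnt/automation/cert_cache, the value should be validated before any file holding a private key is opened. The following is an added example, not the job's own code: the function names, the single-DNS-label rule and the choice to reject IP targets are assumptions made for illustration.

```python
import ipaddress
import re
from pathlib import Path

# Base directory named on this page.
CERT_CACHE = Path("/mnt/automation/cert_cache")

# Assumption: a short hostname is one DNS label (letters, digits, hyphens,
# no leading or trailing hyphen, at most 63 characters).
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def derive_vpnname(target: str) -> str:
    """Return the short hostname of target, or raise ValueError."""
    target = target.strip()
    try:
        ipaddress.ip_address(target)
    except ValueError:
        pass  # not an IP literal, treat it as a hostname
    else:
        # Assumption: an IP has no short hostname, so fail rather than guess.
        raise ValueError(f"target {target!r} is an IP address")
    label = target.split(".", 1)[0]
    if not LABEL_RE.fullmatch(label):
        raise ValueError(f"target {target!r} has no valid hostname label")
    return label


def cert_cache_dir(target: str, base: Path = CERT_CACHE) -> Path:
    """Build base/<vpnname> and confirm the result stays inside base."""
    base_resolved = base.resolve()
    candidate = (base_resolved / derive_vpnname(target)).resolve()
    # resolve() follows symlinks, so a link planted in the cache that points
    # elsewhere is caught here as well as any '..' sequence.
    if base_resolved not in candidate.parents:
        raise ValueError(f"{candidate} is outside {base_resolved}")
    return candidate


if __name__ == "__main__":
    # Constructed sample targets, not real devices.
    for sample in ("fw01.corp.example", "10.1.2.3", "../../etc/passwd"):
        try:
            print(sample, "->", cert_cache_dir(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```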