Replacing/Uploading Certificates
  • 24 May 2022
  • Dark

Replacing/Uploading Certificates

  • Dark

Article Summary

File Upload Issue
If you encounter an error when attempting to upload files through Panorama, please open an SMC ticket with the OSC for assistance.


By default, Expedient configures GlobalProtect utilizing the wildcard certificate. If preferred, a client can substitute the wildcard with their own certificate. If a client chooses to use a non-Expedient managed certificate, it is the client's responsibility to manage that certificate. While Expedient may not manage the certificate., Expedient provides this documentation to assist clients with getting started on uploading and renewing their own certificates.


The steps described in this document assume that the firewall hosting GlobalProtect has had the GlobalProtect Gateway & Portal configuration sections completed.


You can use the following process to upload a first-time certificate or replace an existing one.

1. Navigate to primary node firewall UI after successfully authenticating into

2. Select Device > Certificate Management > Certificates > Device Certificates > Import

3. Import the appropriate certificate/key. In our example, we're importing the certificate.

"Block Private Key Export" must be selected when configuring the certificate.

4. Create an SSL/TLS service profile using the certificate you've imported. Select Device > Certificate Management > SSL/TLS Service Profile > Add

"TLSv1.2" must be selected when configuring the certificate & SSL/TLS profile.

5. Apply service profile to GlobalProtect gateway. Select Network > GlobalProtect > Gateways > Click link for gateway > Authentication > Select appropriate SSL/TLS profile from Server Authentication drop-down > Click OK

6. Apply service profile to GlobalProtect portal. Select Network > GlobalProtect > Portals > Click link for portal > Authentication > Select appropriate SSL/TLS profile from Server Authentication drop-down > Click OK

7. Perform a firewall Commit operation to commit your changes.

Was this article helpful?