Enterprise Certification Authority - Certificate for Firewalls web-gui
Good afternoon, as always, thank you in advance for your constant support. Please help me with the following case:
1.- Firewalls - HA
2.- Local Certification Authority
3.- Firewalls managed by PANORAMA
4.- One template/one template stack with this template
- The intent is to use a certificate generated by an Enterprise certificate authority for access to the web-gui administration of the firewalls.
It will be done without a CSR, I reiterate, without using a CSR; instead, both the certificate and the private key, generated by the local certifier, will be uploaded.
The certification chain is small, and quite simple, without intermediaries, that is to say:
CA-ENTERPRISE-LOCAL --> Certificate for the Firewall-Web-GUI-ADMIN.
1.- Please share your observations on the issues to be considered for the proposed environment. Each firewall, in HA, will have its own certificate, therefore it is not recommended to do it via template from Panorama (there is only one template for the whole HA). Please confirm this point and indicate, based on the environment described, whether or not it should be done locally. I would understand that it should be done locally.
2.- Please indicate whether or not the CA certificate should be uploaded to the firewalls (I would understand no, but please confirm it, based on best practices). The client computers and/or workstations that will access the WEB-GUI of the firewalls via web already trust the Enterprise CA as a trusted entity.
3.- Please indicate what considerations should be taken on the Panorama side, when changing context to the firewalls and pushing configuration, after the firewalls have their new SSL web-gui certificate installed: whether the new certificate generates any problems or setbacks, and/or whether any prior adjustment is required. Please give me your support.
Thank you very much for your collaboration and constant support. I remain attentive. Best regards.