Renew SSL Certificate on PaloAlto Traps ESM

By | May 7, 2019

To Renew the certificate on your PAN Traps ESM, there are 2 processes.

First you need to update the certificate in the IIS Default site where ESM Console is running. you can install the certificate in the web folder.

Secondly to update the core module (otherwise your Traps agents will not connect), you need to.

Launch MMC and copy the certificate you installed in IIS into Enterprise Trust and Personal.

Then run the following commands from a command prompt NOT powershell

netsh http show sslcert

take note of the Certificate thumbprint you installed in IIS above

now run the below to delete the current certificate binding

netsh http delete sslcert ipport=

and the below to create the new binding, add the cert hash from the above command to the below

netsh http add sslcert ipport= certhash=TYPE YOUR CERT_HASH_HERE appid={935e55e3-8b9d-4b95-954c-423626f887f9} clientcertnegotiation=enable

Thats it your agents should be able to connect again 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.