PAN-OS only allows you to generate self-signed certificates or already import existing ones. To use a Let’s Encrypt certificate, you need to request it on another device, and therefore we can only use DNS as validation. AWS Route53 is used as a DNS provider, we will use Certbot to obtain a certificate, we also need …
Continue reading "Palo Alto VM-Series Firewall: Let’s Encrypt certificate"
To enhance cryptography, you must use the Diffie-Hellman parameter file with a length of at least 4096 bits. Let’s create a file like this: Will be added to the Nginx config file: You can use the following service to check: ssllabs.com
The script receives the value, after how many days the certificate expires and sends the values to "Zabbix" via "zabbix-sender". Script content: You need to make sure that the required domain is set as the FQDN of the host. Or receive it in another way, for example, if you have more than one domain …
Continue reading "SSL – Certificate Validity check"