Palo Alto: Failed to Fetch Device Certificate - TPM Public Key Match Failed

A bug (PAN-313623) in some PAN-OS versions (including 12.1.x) causes temporary .pub_pem files to accumulate in the /opt/pancfg/mgmt/ssl/private/ directory, preventing certificate renewals.

Some success has been reported by running these commands via the CLI to trigger a clean fetch and telemetry update:

    request certificate fetch
    request device-telemetry collect-now

Check NTP and connectivity.

The following are some common causes of the "Failed to Fetch Device Certificate - TPM Public Key Match Failed" error:

Ensure your management traffic allows the application paloalto-shared-services. Without this, the firewall cannot communicate with the CSP to update certificates.

This re-enrolls the cert using the TPM key.


Ensure that the device is compatible with Palo Alto's security solutions.