A global bug has been noted where certificates on the device do not match those in the Customer Support Portal, often affecting newer models like the PA-440 during Zero Touch Provisioning (ZTP). Corrupt Certificate Store:
The error message states that the because the cloud-side portal expects a public key hash matching what Palo Alto recorded during factory manufacturing, but the incoming registration request sends a signature or public key that does not match. A global bug has been noted where certificates
(needs reboot, backup first):
Verify that the management interface can resolve and reach the following domains over HTTPS (Port 443): ://paloaltonetworks.com ://paloaltonetworks.com Test connectivity directly from the firewall CLI: ping host ://paloaltonetworks.com Use code with caution. Hardware Replacement (RMA) Considerations A global bug has been noted where certificates
: