This typically appears during certificate enrollment or authentication when the firewall tries to validate a certificate stored in a device’s Trusted Platform Module (TPM). The updated behavior in recent PAN-OS and GlobalProtect versions has made this error more visible. Here’s what it means and how to fix it.
If you suspect the disk partition full bug, examine the temporary directory:
This usually happens for one of three reasons: If you suspect the disk partition full bug,
ping certificate.paloaltonetworks.com
If you're experiencing the "Palo Alto failed to fetch device certificate" error, you may notice the following symptoms: : Problems with the TPM itself, such as
Likely Root Causes
: If your device uses TPM, the standard OTP fetch command might not be available. Instead, try the following specific command in the CLI: request certificate fetch . : Problems with the TPM itself
If you have tried a commit force , rebooted the device, and confirmed network stability but still receive the TPM public key match failed message, .
: Problems with the TPM itself, such as malfunction, incorrect initialization, or misconfigured TPM settings.
Select at least 2 products
to compare