The paloalto-shared-services application must be allowed in security policies to reach the certificate servers. Step-by-Step Resolution Guide 1. Regenerate a Fresh OTP
You must open a support case with Palo Alto Networks . A support engineer must gain root access (via a challenge/response process) to erase the invalid certificate and hash keys before a new one can be fetched. Known Bug Reference ensure you are using a valid
Before attempting advanced fixes, ensure you are using a valid, unexpired OTP. ensure you are using a valid