The earliest recollection of this bug is traced back to PAN-OS 9.1.10 - July 29, 2024. This bug is fixed in PAN-OS versions 9.1.10. Fixed an issue where a satellite firewall was unable to authenticate to an LSVPN gateway when the issued certificate from Simple Certificate Enrollment Protocol (SCEP) had encryption bits set to 3072. With this fix, the maximum private key size of 3072 bits, along with the 1024-bit size and the 2048-bit size, is able to authenticate when selected to create the SCEP profile. For more information: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-10-addressed-issues