The earliest recollection of this bug is traced back to PAN-OS 10.1.0 - July 22, 2025. Next-Gen Firewalls are unable to connect to a syslog server when the certificates required to connect to the syslog server are part of a Certificate Profile ( Device Certificate Management Certificate Profile ) if the Use OCSP setting is enabled to check the revocation status of certificates. Workaround: Enable Use CRL to check the revocation status of certificates in the Certificate Profile. For more information: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-0-known-and-addressed-issues/pan-os-10-1-0-known-issues https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-release-notes/pan-os-10-2-0-known-and-addressed-issues/pan-os-10-2-0-known-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-release-information/known-issues/known-issues-related-to-pan-os-9-1-releases