Schuyler Dorsey asked:

Palo Alto Networks SSL Decryption Cert Mgmt

I am looking to set up the SSL decryption but obviously need the certs in place to do so. My client has SBS2011, so they do have the AD CA role installed. So I need to generate a cert to install onto the PA as well as install the root CA cert onto the PA. I seem to be at a loss on the best procedures for this.

So 1. I am looking for the best method to generate a new certificate from ADCA specifically for the PA and the best method to export the root CA to the PAN so it can chain up properly.

And 2. If anyone knows the answer, how to properly set the certs on the PAN device. I tried generating a PAN cert and installing what I thought was the root cert onto the firewall. I set the PAN cert as forward trust and forward untrust cert and the root cert as the CA cert. This configuration did not work for decryption.

Thanks in advance!
ahoffmann

If you install the new root CA in your AD, *all your clients relying on that AD* can no longer inform the (human) user that the encryption is broken and that there is a MiTM.
Hope you tell that to your users after you get it working this way ;-)
ASKER CERTIFIED SOLUTION
btan
This solution is only available to members.