https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/aws-and-inbound-ssl-inspection/m-p/518079#M1706 <P>Hello all,</P> <P>&nbsp;</P> <P>After some help as not getting much from support.</P> <P>We have a customer with an Amazon AWS solution. We have a web server in the trust zone and we have been asked to set up inbound ssl inspection.</P> <P>There is a load balancer after the firewalls.</P> <P>The client uses an Amazon cert of some sort and we have created a cert and private key on the web server and imported into the firewall and set up inbound ssl decryption.</P> <P>The decryption will not work and comes up with an error of 'private key does not match public key'</P> <P>Is this because the certificate we created is set up wrong or is this some sort of clash between the web server cert and the amazon cert on the untrust side?</P> <P>Can we even do inbound ssl decryption in AWS or should this be done before the firewalls in the AWS WAF or on the load balancer and then sent to the firewall as clear text?</P> <P>&nbsp;</P> <P>Hoping for some quick advise on this as getting pressure from on high!</P> <P>&nbsp;</P> <P>thanks</P> <P>&nbsp;</P> <P>Steve</P> Mon, 17 Oct 2022 07:34:34 GMT Stevenmill 2022-10-17T07:34:34Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/aws-and-inbound-ssl-inspection/m-p/518079#M1706 <P>Hello all,</P> <P>&nbsp;</P> <P>After some help as not getting much from support.</P> <P>We have a customer with an Amazon AWS solution. We have a web server in the trust zone and we have been asked to set up inbound ssl inspection.</P> <P>There is a load balancer after the firewalls.</P> <P>The client uses an Amazon cert of some sort and we have created a cert and private key on the web server and imported into the firewall and set up inbound ssl decryption.</P> <P>The decryption will not work and comes up with an error of 'private key does not match public key'</P> <P>Is this because the certificate we created is set up wrong or is this some sort of clash between the web server cert and the amazon cert on the untrust side?</P> <P>Can we even do inbound ssl decryption in AWS or should this be done before the firewalls in the AWS WAF or on the load balancer and then sent to the firewall as clear text?</P> <P>&nbsp;</P> <P>Hoping for some quick advise on this as getting pressure from on high!</P> <P>&nbsp;</P> <P>thanks</P> <P>&nbsp;</P> <P>Steve</P> Mon, 17 Oct 2022 07:34:34 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/aws-and-inbound-ssl-inspection/m-p/518079#M1706 Stevenmill 2022-10-17T07:34:34Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/aws-and-inbound-ssl-inspection/m-p/518090#M1708 <P>Can you give me any help on the issue?</P> Mon, 17 Oct 2022 12:36:12 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/aws-and-inbound-ssl-inspection/m-p/518090#M1708 Stevenmill 2022-10-17T12:36:12Z