https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/certificates-on-palo-alto-types-to-be-installed/m-p/568217#M2057 <P>you don't need the second ssl certificate as that is only required for outbound proxy inspection (and it needs to be from an internal PKI or selfsigned instead of a public one)</P> <P>&nbsp;</P> <P>for inbound inspection, you need to have the server certificate (and preferably the CA/root and intermediate, to complete the certificate path)</P> <P>&nbsp;</P> <P>you can use the server certificate on the firewall (WITH private key) to look inside the flow</P> Mon, 04 Dec 2023 14:07:32 GMT reaper 2023-12-04T14:07:32Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/certificates-on-palo-alto-types-to-be-installed/m-p/568141#M2054 <P>Dear memebers,</P> <P>&nbsp;</P> <P>We are going to use palo alto vm series firewall on Azure and like to take your advice on the type of certificates to be installed. The firewalls will be public facing front end by Azure application gateway.</P> <P>&nbsp;</P> <P>The FW will be protecting a web site running on the background.&nbsp; If my understanding is correct, I need 2 types of certificates.</P> <P>&nbsp;</P> <UL> <LI>One from&nbsp;Certificates from a trusted third-party CA (Go dady/Verisign) - This is for web site</LI> <LI>Obtain a Certificate from an External CA - This will be from Palo alto itself for&nbsp; SSL/TLS decryption&nbsp;</LI> </UL> <P>&nbsp;</P> <P>plz advice if my understanding is correct.</P> Sun, 03 Dec 2023 09:07:28 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/certificates-on-palo-alto-types-to-be-installed/m-p/568141#M2054 N-Open 2023-12-03T09:07:28Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/certificates-on-palo-alto-types-to-be-installed/m-p/568217#M2057 <P>you don't need the second ssl certificate as that is only required for outbound proxy inspection (and it needs to be from an internal PKI or selfsigned instead of a public one)</P> <P>&nbsp;</P> <P>for inbound inspection, you need to have the server certificate (and preferably the CA/root and intermediate, to complete the certificate path)</P> <P>&nbsp;</P> <P>you can use the server certificate on the firewall (WITH private key) to look inside the flow</P> Mon, 04 Dec 2023 14:07:32 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/certificates-on-palo-alto-types-to-be-installed/m-p/568217#M2057 reaper 2023-12-04T14:07:32Z