topic Re: How to identify pinned certificates? in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-identify-pinned-certificates/m-p/507624#M190 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/30703">@Sly_Cooper</a> ,</P> <P>I am guessing you mean if application is used pinned certificate, not the site.</P> <P>Pinned certificate means that the application which is initiating the traffic and trying to reach the public server has some additional check and expect the server to reply with specific certificate, or at least with cert that is signed only by specific CA.</P> <P>&nbsp;</P> <P>Unfortunately if it is not explicetly mentioned in the application documentation the only way is to try it.</P> <P>Try to use the application with decryption enabled, if there is a problem, try to disable the decryption, if it works add it as permanent exception.</P> Fri, 01 Jul 2022 07:48:09 GMT aleksandar.astardzhiev 2022-07-01T07:48:09Z How to identify pinned certificates? https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-identify-pinned-certificates/m-p/507307#M185 <P>Hi,</P><P>&nbsp;</P><P>How can I find out if the site is using pinned certificate so that I can exclude the site from SSL decryption?</P> Thu, 30 Jun 2022 02:37:19 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-identify-pinned-certificates/m-p/507307#M185 Sly_Cooper 2022-06-30T02:37:19Z Re: How to identify pinned certificates? https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-identify-pinned-certificates/m-p/507624#M190 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/30703">@Sly_Cooper</a> ,</P> <P>I am guessing you mean if application is used pinned certificate, not the site.</P> <P>Pinned certificate means that the application which is initiating the traffic and trying to reach the public server has some additional check and expect the server to reply with specific certificate, or at least with cert that is signed only by specific CA.</P> <P>&nbsp;</P> <P>Unfortunately if it is not explicetly mentioned in the application documentation the only way is to try it.</P> <P>Try to use the application with decryption enabled, if there is a problem, try to disable the decryption, if it works add it as permanent exception.</P> Fri, 01 Jul 2022 07:48:09 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/how-to-identify-pinned-certificates/m-p/507624#M190 aleksandar.astardzhiev 2022-07-01T07:48:09Z