https://live.paloaltonetworks.com/t5/general-topics/sl-decryption-exclusions/m-p/478478#M103767 <P>Use the SSL Decryption List for technical reason (hair pinning, key pinning, client side authentication, etc).<BR />Use a custom URL category for everything else that you do not want decrypted.</P><P>&nbsp;</P> Tue, 05 Apr 2022 20:11:21 GMT S.Cantwell 2022-04-05T20:11:21Z https://live.paloaltonetworks.com/t5/general-topics/sl-decryption-exclusions/m-p/477762#M103701 <DIV><DIV class=""><DIV class=""><SPAN>Hi All,</SPAN></DIV></DIV><DIV class=""><DIV class=""><SPAN>I'm using SSL decryption and if I wanted to have a URL in the exceptions (not decrypted) list, I would add it to a custom url category I created and just add the domain and apply the cutom url to the policy.</SPAN></DIV></DIV><DIV class=""><DIV class=""><SPAN>But I also noticed that in Device&gt;Certificate Management&gt;SSL decryption exclusion - there are many predefined domains that seem to not be decrypted. If this is the case, why do they have that listed under certificates?</SPAN></DIV></DIV><DIV class=""><DIV class=""><SPAN>If I add a url to the custom url category I created or the one in certificates, is it the same thing?</SPAN></DIV></DIV><DIV class=""><DIV class=""><SPAN>Thanks.</SPAN></DIV></DIV></DIV> Sun, 03 Apr 2022 19:07:52 GMT https://live.paloaltonetworks.com/t5/general-topics/sl-decryption-exclusions/m-p/477762#M103701 roma 2022-04-03T19:07:52Z https://live.paloaltonetworks.com/t5/general-topics/sl-decryption-exclusions/m-p/478478#M103767 <P>Use the SSL Decryption List for technical reason (hair pinning, key pinning, client side authentication, etc).<BR />Use a custom URL category for everything else that you do not want decrypted.</P><P>&nbsp;</P> Tue, 05 Apr 2022 20:11:21 GMT https://live.paloaltonetworks.com/t5/general-topics/sl-decryption-exclusions/m-p/478478#M103767 S.Cantwell 2022-04-05T20:11:21Z