https://live.paloaltonetworks.com/t5/general-topics/the-deep-packet-inspection-on-ssl-decryption-via-publicly-signed/m-p/511812#M106376 <P>Regarding using a Publicly signed certificate for SSL decryption.</P> <P>Is the deep packet inspection possible or not?</P> <P>Is there any impact?</P> Sun, 14 Aug 2022 12:00:00 GMT Mohammed_Yasin 2022-08-14T12:00:00Z https://live.paloaltonetworks.com/t5/general-topics/the-deep-packet-inspection-on-ssl-decryption-via-publicly-signed/m-p/511812#M106376 <P>Regarding using a Publicly signed certificate for SSL decryption.</P> <P>Is the deep packet inspection possible or not?</P> <P>Is there any impact?</P> Sun, 14 Aug 2022 12:00:00 GMT https://live.paloaltonetworks.com/t5/general-topics/the-deep-packet-inspection-on-ssl-decryption-via-publicly-signed/m-p/511812#M106376 Mohammed_Yasin 2022-08-14T12:00:00Z https://live.paloaltonetworks.com/t5/general-topics/the-deep-packet-inspection-on-ssl-decryption-via-publicly-signed/m-p/511838#M106378 <P>For Inbound Decryption, the server cert can be signed by a Public CA. The firewall does need the private key of the cert though.</P> <P>&nbsp;</P> <P>For Forward Proxy, it doesn't matter since you can't get a CA cert from a Public CA. Someone like godaddy will not let you sign certs for them. You can use firewall generated or private PKI.&nbsp;</P> Mon, 15 Aug 2022 12:58:07 GMT https://live.paloaltonetworks.com/t5/general-topics/the-deep-packet-inspection-on-ssl-decryption-via-publicly-signed/m-p/511838#M106378 dmifsud 2022-08-15T12:58:07Z