topic Ssl outbound decryption in General Topics https://live.paloaltonetworks.com/t5/general-topics/ssl-outbound-decryption/m-p/594781#M118384 <P dir="ltr"><SPAN>Hello,</SPAN><BR /><SPAN>&nbsp;when a client want to connect to a serveur on thé Internet ,the Palo Alto Networks device intercepts the client SSL request and generates a certificate on the fly for the site the client was visiting. In this step w</SPAN><SPAN>hat will be the intermediate chain and the root chain of this new certificate? The same as the server on the internet?</SPAN></P> <P dir="ltr"><SPAN>Which key will be used by the client to encrypt traffic between it and the firewall?</SPAN></P> <P dir="ltr"><SPAN>&nbsp;</SPAN></P> <P dir="ltr"><SPAN>What key will the firewall use to decrypt the customer's traffic?</SPAN></P> <P dir="ltr"><SPAN>&nbsp;</SPAN></P> <P dir="ltr"><SPAN>Thanks</SPAN></P> <P dir="ltr">&nbsp;</P> <P>&nbsp;</P> Tue, 13 Aug 2024 16:51:03 GMT Sarou22 2024-08-13T16:51:03Z Ssl outbound decryption https://live.paloaltonetworks.com/t5/general-topics/ssl-outbound-decryption/m-p/594781#M118384 <P dir="ltr"><SPAN>Hello,</SPAN><BR /><SPAN>&nbsp;when a client want to connect to a serveur on thé Internet ,the Palo Alto Networks device intercepts the client SSL request and generates a certificate on the fly for the site the client was visiting. In this step w</SPAN><SPAN>hat will be the intermediate chain and the root chain of this new certificate? The same as the server on the internet?</SPAN></P> <P dir="ltr"><SPAN>Which key will be used by the client to encrypt traffic between it and the firewall?</SPAN></P> <P dir="ltr"><SPAN>&nbsp;</SPAN></P> <P dir="ltr"><SPAN>What key will the firewall use to decrypt the customer's traffic?</SPAN></P> <P dir="ltr"><SPAN>&nbsp;</SPAN></P> <P dir="ltr"><SPAN>Thanks</SPAN></P> <P dir="ltr">&nbsp;</P> <P>&nbsp;</P> Tue, 13 Aug 2024 16:51:03 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-outbound-decryption/m-p/594781#M118384 Sarou22 2024-08-13T16:51:03Z Re: Ssl outbound decryption https://live.paloaltonetworks.com/t5/general-topics/ssl-outbound-decryption/m-p/594839#M118386 <P>Hello,</P> <P>&nbsp;</P> <P>"<SPAN>In this step w</SPAN><SPAN>hat will be the intermediate chain and the root chain of this new certificate? The same as the server on the internet?"</SPAN></P> <P>&nbsp;</P> <P><SPAN>- The client would be presented with a cert that is signed by your Forward Trust Certificate that you have selected in your firewall. So if you went</SPAN><SPAN> to google.com it would be a google.com cert signed by your Forward Trust Certificate.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>"Which key will be used by the client to encrypt traffic between it and the firewall?"</SPAN></P> <P><SPAN>- Your Forward Trust Certificate. The firewall wouldn't have access to the private key of a server on the internet (assuming you don't control this server)&nbsp;</SPAN></P> Wed, 14 Aug 2024 02:29:05 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-outbound-decryption/m-p/594839#M118386 Claw4609 2024-08-14T02:29:05Z