https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-feature/m-p/17990#M13103 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>You have to use a certificate (either self-signed or from a third party) in order to decrypt SSL traffic on PAN firewall.</P><P></P><P>Few related DOC:</P><P> <A href="https://live.paloaltonetworks.com/docs/DOC-1412">How to Implement SSL Decryption</A></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-2006">SSL Decryption Certificates</A></P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Mon, 11 Aug 2014 16:54:16 GMT HULK 2014-08-11T16:54:16Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-feature/m-p/17989#M13102 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>I wish to ask do i have to have my own Certificate in order to use SSL decryption feature, in order to decryption my users SSL traffic ?</P><P>OR i can just go and setup this feature and use it right away ?</P><P></P><P>I use PA-VM-100, PAN OS 6.0.4</P></BODY></HTML> Sun, 10 Aug 2014 03:35:54 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-feature/m-p/17989#M13102 Amr_Attiya 2014-08-10T03:35:54Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-feature/m-p/17990#M13103 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>You have to use a certificate (either self-signed or from a third party) in order to decrypt SSL traffic on PAN firewall.</P><P></P><P>Few related DOC:</P><P> <A href="https://live.paloaltonetworks.com/docs/DOC-1412">How to Implement SSL Decryption</A></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-2006">SSL Decryption Certificates</A></P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Mon, 11 Aug 2014 16:54:16 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-feature/m-p/17990#M13103 HULK 2014-08-11T16:54:16Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-feature/m-p/17991#M13104 <HTML><HEAD></HEAD><BODY><P>Your client computers will need to "trust" the certificate you use on the PA for decryption or else they will get the red certificate error banner when browsing decrypted sites.</P><P></P><P>A simple way to achieve this on a windows domain is to use your Active Directory CA to issue the certificate you use for decryption on the PA.</P></BODY></HTML> Thu, 14 Aug 2014 21:50:06 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-feature/m-p/17991#M13104 pulukas 2014-08-14T21:50:06Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-feature/m-p/17992#M13105 <HTML><HEAD></HEAD><BODY><P>Additionally, if you choose to use a non Active Directory CA you can use group policy to push the certificate trust out to workstations.</P></BODY></HTML> Fri, 15 Aug 2014 11:36:00 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-feature/m-p/17992#M13105 DavePalo 2014-08-15T11:36:00Z