topic SSL VPN with Client Certificate in General Topics https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-with-client-certificate/m-p/24266#M17687 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>I want to use SSL VPN with Client Certificate.</P><P>I will install CA server on MS Window 2008.</P><P>I know CA server is installed 'Enterprise CA mode" or "Standalone CA mode".</P><P>The Enterprise mode deliver Certificate to assist AD server.</P><P>The Standalone mode deliver Certificate by 'Web enrollment'.</P><P>I have questions.</P><P>Is PaloAlto imported each Certificates possible? </P><P>Can PA connect each mode CA server by OCSP?</P></BODY></HTML> Wed, 27 Mar 2013 15:44:03 GMT KiCheon.Lee 2013-03-27T15:44:03Z SSL VPN with Client Certificate https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-with-client-certificate/m-p/24266#M17687 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>I want to use SSL VPN with Client Certificate.</P><P>I will install CA server on MS Window 2008.</P><P>I know CA server is installed 'Enterprise CA mode" or "Standalone CA mode".</P><P>The Enterprise mode deliver Certificate to assist AD server.</P><P>The Standalone mode deliver Certificate by 'Web enrollment'.</P><P>I have questions.</P><P>Is PaloAlto imported each Certificates possible? </P><P>Can PA connect each mode CA server by OCSP?</P></BODY></HTML> Wed, 27 Mar 2013 15:44:03 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-with-client-certificate/m-p/24266#M17687 KiCheon.Lee 2013-03-27T15:44:03Z Re: SSL VPN with Client Certificate https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-with-client-certificate/m-p/24267#M17688 <HTML><HEAD></HEAD><BODY><P class="T_Text"><A name="1653273">Use the </A><SPAN style="font-weight: bold;">OCSP Responder</SPAN> (Online Certificate Status Protocol Responder) page to define a server that will be used to verify the revocation status of certificates issues by the PAN-OS device. When generating new certificates, you can specify the OCSP Responder that will be used.</P><P class="T_Text"><A name="1653487">To enable OCSP, go to </A><SPAN style="font-weight: bold;">Device &gt; Setup &gt; Sessions</SPAN> and under <SPAN style="font-weight: bold;">Sessions Features</SPAN> click <SPAN style="font-weight: bold;">Decryption Certificate Revocation Settings</SPAN>.</P><P class="T_Text"><A name="1653274"> </A></P><TABLE cellspacing="0" class="TW_TableWide" style="text-align: left;" summary=""><TBODY><TR><TD style="border-bottom-color: #000000; border-bottom-style: solid; border-bottom-width: 0.5pt; border-top-color: #000000; border-top-style: solid; border-top-width: 2.0pt; padding-bottom: 3pt; padding-left: 6pt; padding-right: 6pt; padding-top: 5pt;"><P class="TH_TableHeading"><A name="1653505">Field</A></P></TD><TD style="border-bottom-color: #000000; border-bottom-style: solid; border-bottom-width: 0.5pt; border-top-color: #000000; border-top-style: solid; border-top-width: 2.0pt; padding-bottom: 3pt; padding-left: 6pt; padding-right: 6pt; padding-top: 5pt;"><P class="TH_TableHeading"><A name="1653507">Description</A></P></TD></TR><TR><TD style="border-bottom-color: #000000; border-bottom-style: solid; border-bottom-width: 0.25pt; border-top-color: #000000; border-top-style: solid; border-top-width: 0.5pt; padding-bottom: 3pt; padding-left: 6pt; padding-right: 6pt; padding-top: 5pt;"><P class="TSH_TableSubHeading"><A name="1653509">Name</A></P></TD><TD style="border-bottom-color: #000000; border-bottom-style: solid; border-bottom-width: 0.25pt; border-top-color: #000000; border-top-style: solid; border-top-width: 0.5pt; padding-bottom: 3pt; padding-left: 6pt; padding-right: 6pt; padding-top: 5pt;"><P class="TB_TableBody"><A name="1653511">Enter a name to identify the OCSP responder server (up to </A><SPAN class="Bold" style="font-weight: normal;">31</SPAN> characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores. </P></TD></TR><TR><TD style="border-bottom-color: #000000; border-bottom-style: solid; border-bottom-width: 0.5pt; border-top-color: #000000; border-top-style: solid; border-top-width: 0.25pt; padding-bottom: 3pt; padding-left: 6pt; padding-right: 6pt; padding-top: 5pt;"><P class="TSH_TableSubHeading"><A name="1653513">Host Name</A></P></TD><TD style="border-bottom-color: #000000; border-bottom-style: solid; border-bottom-width: 0.5pt; border-top-color: #000000; border-top-style: solid; border-top-width: 0.25pt; padding-bottom: 3pt; padding-left: 6pt; padding-right: 6pt; padding-top: 5pt;"><P class="TB_TableBody"><A name="1653515">Enter the host name of the OCSP responder server that will be used to check certificate revocation status for your devices.</A></P></TD></TR></TBODY></TABLE></BODY></HTML> Wed, 27 Mar 2013 16:24:19 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-with-client-certificate/m-p/24267#M17688 das 2013-03-27T16:24:19Z