topic Re: SSL Decryption with Mutual (2 Way) Authentication in General Topics https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-with-mutual-2-way-authentication/m-p/32022#M23458 <HTML><HEAD></HEAD><BODY><P>You can however still use SSL inspection. That is give your PA device the private key of the server and the PA will be able to "tap" the traffic.</P><P></P><P>However I dont think this will work if the endpoints are using DH (Diffie Hellman).</P></BODY></HTML> Mon, 27 May 2013 06:50:33 GMT mikand 2013-05-27T06:50:33Z SSL Decryption with Mutual (2 Way) Authentication https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-with-mutual-2-way-authentication/m-p/32020#M23456 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I have traffic that uses mutual (2 way) SSL Authentication that I would like to decrypt. I was able to decrypt when just using the server certificate, but when I add the client certificate it no longer decrypts (the connection still works though).</P><P></P><P>I have look around the docs/site and have not seen much mention of this scenario. I would like to know if it is supported? If so, how do you configure it?</P></BODY></HTML> Wed, 24 Apr 2013 19:48:58 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-with-mutual-2-way-authentication/m-p/32020#M23456 ckawecki 2013-04-24T19:48:58Z Re: SSL Decryption with Mutual (2 Way) Authentication https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-with-mutual-2-way-authentication/m-p/32021#M23457 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>SSL decryption cannot be used when servers require client certificates.</P></BODY></HTML> Sun, 26 May 2013 16:57:04 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-with-mutual-2-way-authentication/m-p/32021#M23457 Retired Member 2013-05-26T16:57:04Z Re: SSL Decryption with Mutual (2 Way) Authentication https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-with-mutual-2-way-authentication/m-p/32022#M23458 <HTML><HEAD></HEAD><BODY><P>You can however still use SSL inspection. That is give your PA device the private key of the server and the PA will be able to "tap" the traffic.</P><P></P><P>However I dont think this will work if the endpoints are using DH (Diffie Hellman).</P></BODY></HTML> Mon, 27 May 2013 06:50:33 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-with-mutual-2-way-authentication/m-p/32022#M23458 mikand 2013-05-27T06:50:33Z