https://live.paloaltonetworks.com/t5/general-topics/decrypt-ldaps-traffic/m-p/38805#M28459 <HTML><HEAD></HEAD><BODY><P>hey all,</P><P>I would like to decrypt my ldaps traffic that is now showing up as ssl in my traffic logs.</P><P>I can not seem to get it to work</P><P>- with ssl forward proxy decryption, I break the ldaps connection altogether and my ldap connection just fails.</P><P>- with inboud ssl decryption (with the AD-ldaps certificate<SPAN style="font-size: 10pt; line-height: 1.5em;"> </SPAN><SPAN style="font-size: 10pt; line-height: 1.5em;">+ private key</SPAN><SPAN style="font-size: 10pt; line-height: 1.5em;"> imported), the palo alto just refuses to decrytp the traffic. in the logs it is just marked as not decrypted (and application = ssl).</SPAN></P><P></P><P>anybody has any experience with this?</P><P>kind regards</P></BODY></HTML> Mon, 18 Nov 2013 15:19:43 GMT mr.linus 2013-11-18T15:19:43Z https://live.paloaltonetworks.com/t5/general-topics/decrypt-ldaps-traffic/m-p/38805#M28459 <HTML><HEAD></HEAD><BODY><P>hey all,</P><P>I would like to decrypt my ldaps traffic that is now showing up as ssl in my traffic logs.</P><P>I can not seem to get it to work</P><P>- with ssl forward proxy decryption, I break the ldaps connection altogether and my ldap connection just fails.</P><P>- with inboud ssl decryption (with the AD-ldaps certificate<SPAN style="font-size: 10pt; line-height: 1.5em;"> </SPAN><SPAN style="font-size: 10pt; line-height: 1.5em;">+ private key</SPAN><SPAN style="font-size: 10pt; line-height: 1.5em;"> imported), the palo alto just refuses to decrytp the traffic. in the logs it is just marked as not decrypted (and application = ssl).</SPAN></P><P></P><P>anybody has any experience with this?</P><P>kind regards</P></BODY></HTML> Mon, 18 Nov 2013 15:19:43 GMT https://live.paloaltonetworks.com/t5/general-topics/decrypt-ldaps-traffic/m-p/38805#M28459 mr.linus 2013-11-18T15:19:43Z https://live.paloaltonetworks.com/t5/general-topics/decrypt-ldaps-traffic/m-p/38806#M28460 <HTML><HEAD></HEAD><BODY><P>Hello Linus,</P><P></P><P>If the software version is 5.0 then for decryption rules there is a decryption profile. Check if it is applied, if so look what checks are made in that profile.</P><P>Which ever certificate is configured for Forward decryption, is that certificate configured on the hosts to trust the certificate ?</P><P>Also if you look for global counters when the traffic is passing "show counter global" you may catch some counters related to this traffic providing a direction.</P><P></P><P>Thanks</P></BODY></HTML> Mon, 18 Nov 2013 22:05:09 GMT https://live.paloaltonetworks.com/t5/general-topics/decrypt-ldaps-traffic/m-p/38806#M28460 Phoenix 2013-11-18T22:05:09Z https://live.paloaltonetworks.com/t5/general-topics/decrypt-ldaps-traffic/m-p/38807#M28461 <HTML><HEAD></HEAD><BODY><P>stupid....</P><P>since this is a lab setup, things change a lot. seems there was a new root ca installed on the PA which was not yet trusted by the client <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P>installing the cert solved the issue.</P><P>tanx</P></BODY></HTML> Tue, 19 Nov 2013 10:25:16 GMT https://live.paloaltonetworks.com/t5/general-topics/decrypt-ldaps-traffic/m-p/38807#M28461 mr.linus 2013-11-19T10:25:16Z