SSL Decryption Certificate

markk96 — Wed, 11 Jun 2014 16:30:13 GMT

For SSL Decryption does the cert on the PALO need to be issued from the same enterprise cert chain as the workstations, or does the cert on the workstation have to match the cert on the PALO exactly? We have about 2000 workstations that have been issued a unique cert already for other applications.

Thanks

Mark

Re: SSL Decryption Certificate

torm — Thu, 12 Jun 2014 13:56:01 GMT

For inbound decryption, the certificate needs to match the certificate on the web-server. For outbound decryption (SSL Forward Proxy), the certificate on the PA should be a sub-ordinate CA signed be your internal CA. You can also use a self-signed CA-certificate, but then this needs to be distributed to your clients as a trusted root ca.

You can get more info from this document: How to Implement SSL Decryption

topic Re: SSL Decryption Certificate in General Topics

SSL Decryption Certificate

Re: SSL Decryption Certificate