https://live.paloaltonetworks.com/t5/general-topics/how-to-match-custom-ssl-based-applications/m-p/47333#M34791 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-family: arial,helvetica,sans-serif;"></SPAN></P><P>show session all filter source x.x.x.x destination y.y.y.y</P><P></P><P>What does the application get identified as?</P><P></P><P>Maybe try:</P><P>Pattern Match: Context: <STRONG>ssl-rsp-certificate</STRONG>, pattern server.domain\.com</P></BODY></HTML> Tue, 07 Jun 2011 03:27:28 GMT schiang1 2011-06-07T03:27:28Z https://live.paloaltonetworks.com/t5/general-topics/how-to-match-custom-ssl-based-applications/m-p/47332#M34790 <HTML><HEAD></HEAD><BODY><P>I'm trying to tag a particular application protocol that used TLS/SSL as a security wrapper.</P><P></P><P>The most accurate way I can ID this application protocol is to match against the FQDN subjectName returned by the server during the certificate handshake.</P><P></P><P>I've setup a custom App-ID configured as:-</P><P></P><P>Parent App: <STRONG>ssl</STRONG></P><P>Port: <STRONG>tcp/443</STRONG></P><P>Pattern Match: Context: <STRONG>ssl-rsp-certificate</STRONG>, Pattern: <STRONG>server\.domain\.com </STRONG></P><P></P><P>but this isn't matching.&nbsp; I've also tried using the Context type: <STRONG>ssl-rsp-server-hello </STRONG>and this too fails.</P><P></P><P>I have confirmed with a tcpdump that this string is present in the server response.</P><P></P><P>Any clues greatfully received!</P></BODY></HTML> Thu, 19 May 2011 17:06:53 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-match-custom-ssl-based-applications/m-p/47332#M34790 apackard 2011-05-19T17:06:53Z https://live.paloaltonetworks.com/t5/general-topics/how-to-match-custom-ssl-based-applications/m-p/47333#M34791 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-family: arial,helvetica,sans-serif;"></SPAN></P><P>show session all filter source x.x.x.x destination y.y.y.y</P><P></P><P>What does the application get identified as?</P><P></P><P>Maybe try:</P><P>Pattern Match: Context: <STRONG>ssl-rsp-certificate</STRONG>, pattern server.domain\.com</P></BODY></HTML> Tue, 07 Jun 2011 03:27:28 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-match-custom-ssl-based-applications/m-p/47333#M34791 schiang1 2011-06-07T03:27:28Z https://live.paloaltonetworks.com/t5/general-topics/how-to-match-custom-ssl-based-applications/m-p/47334#M34792 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I have to solve the same problem : identifing an internal application using ssl certificate CN, but defining a custom application, overriding ssl app and matching ssl-rsp-certificate don't work.</P><P></P><P>Any other idea to use certificate CN to identify a web-based ssl application ?</P><P></P><P>Regards,</P><P>--</P><P>Sébastien B.</P><P></P><P></P><P>Soft ver. 3.1.4 and up-to-date app-thread pack.</P></BODY></HTML> Fri, 19 Aug 2011 15:51:19 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-match-custom-ssl-based-applications/m-p/47334#M34792 Sebbb 2011-08-19T15:51:19Z