https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-certificate/m-p/6286#M4584 <HTML><HEAD></HEAD><BODY><P>The certificate already issued to the clients is fine, and you do not need to issue a new CA Certificate from that same enterprise cert chain for the SSL Decryption certificate.</P><P></P><P>As long as the clients trust the CA who signed the cert you want to use for SSL Decryption, any CA certificate will work.</P><P></P><P>Hope this helps,</P><P>Greg</P></BODY></HTML> Wed, 11 Jun 2014 19:40:59 GMT gwesson 2014-06-11T19:40:59Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-certificate/m-p/6285#M4583 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #1f497d;">For SSL Decryption does the cert on the PALO need to be issued from the same enterprise cert chain as the workstations, or does the cert on the workstation have to match the cert on the PALO exactly?&nbsp; We have about 2000 workstations that have been issued a unique cert already for other applications. </SPAN></P><P></P><P><SPAN style="color: #1f497d;">Thanks</SPAN></P><P><SPAN style="color: #1f497d;">Mark</SPAN></P></BODY></HTML> Wed, 11 Jun 2014 17:57:12 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-certificate/m-p/6285#M4583 markk96 2014-06-11T17:57:12Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-certificate/m-p/6286#M4584 <HTML><HEAD></HEAD><BODY><P>The certificate already issued to the clients is fine, and you do not need to issue a new CA Certificate from that same enterprise cert chain for the SSL Decryption certificate.</P><P></P><P>As long as the clients trust the CA who signed the cert you want to use for SSL Decryption, any CA certificate will work.</P><P></P><P>Hope this helps,</P><P>Greg</P></BODY></HTML> Wed, 11 Jun 2014 19:40:59 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-certificate/m-p/6286#M4584 gwesson 2014-06-11T19:40:59Z