https://live.paloaltonetworks.com/t5/general-topics/wrong-ssl-cert-being-presented-externally/m-p/179716#M55719 <P>Hi,</P><P>&nbsp;</P><P>Somehow, when browsing to one of our sites<SPAN>&nbsp;</SPAN>from outside our network, an incorrect certificate is being presented.</P><P>When browsing internally, the correct cert is presented (wildcard certificate from Godaddy).</P><P>&nbsp;</P><P>&nbsp;</P><P>I’ve excluded the server from our web proxy entirely, no change.</P><P>I’ve checked that our site is not being cached behind Cloudflare.</P><P>On the FW, no decryption appears to be applied to the access policy.</P><P>&nbsp;</P><P>Anyone faced this issue?&nbsp;<SPAN>&nbsp;I would like to know how an internal certificate can be presented externally.</SPAN></P> Tue, 03 Oct 2017 02:53:15 GMT Farzana 2017-10-03T02:53:15Z https://live.paloaltonetworks.com/t5/general-topics/wrong-ssl-cert-being-presented-externally/m-p/179716#M55719 <P>Hi,</P><P>&nbsp;</P><P>Somehow, when browsing to one of our sites<SPAN>&nbsp;</SPAN>from outside our network, an incorrect certificate is being presented.</P><P>When browsing internally, the correct cert is presented (wildcard certificate from Godaddy).</P><P>&nbsp;</P><P>&nbsp;</P><P>I’ve excluded the server from our web proxy entirely, no change.</P><P>I’ve checked that our site is not being cached behind Cloudflare.</P><P>On the FW, no decryption appears to be applied to the access policy.</P><P>&nbsp;</P><P>Anyone faced this issue?&nbsp;<SPAN>&nbsp;I would like to know how an internal certificate can be presented externally.</SPAN></P> Tue, 03 Oct 2017 02:53:15 GMT https://live.paloaltonetworks.com/t5/general-topics/wrong-ssl-cert-being-presented-externally/m-p/179716#M55719 Farzana 2017-10-03T02:53:15Z https://live.paloaltonetworks.com/t5/general-topics/wrong-ssl-cert-being-presented-externally/m-p/179728#M55720 <P>Do you use same URL to access it from inside and outside?</P><P>If website is behind Palo you can check traffic log if it was decypted.</P><P>You can also go to Monitor &gt; Packet Capture and compare if certificate in receive state sent by webserver is same that Palo sends out in from tramsmit stage.</P> Tue, 03 Oct 2017 03:00:36 GMT https://live.paloaltonetworks.com/t5/general-topics/wrong-ssl-cert-being-presented-externally/m-p/179728#M55720 Raido_Rattameister 2017-10-03T03:00:36Z