https://live.paloaltonetworks.com/t5/general-topics/digicert-sha2-untrusted/m-p/332885#M84124 <P>You answered your own question <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>You should import the root certificate and mark it as a "trusted root ca certificate" (open the cert and check the box, commit)</P> Thu, 11 Jun 2020 05:35:42 GMT reaper 2020-06-11T05:35:42Z https://live.paloaltonetworks.com/t5/general-topics/digicert-sha2-untrusted/m-p/332838#M84119 <P>We own a wildcard cert from Digicert for on-prem or cloud hosted websites. When doing decryption traffic to our websites breaks and i had to uncheck 'block untrusted certificates' to make it work.&nbsp;</P><P>How can i keep blocking untrusted certificates and still allow traffic. I know i can create a separate profile for known websites, but i was thinking if there is a way to import the root CA so firewall trusts it.</P> Wed, 10 Jun 2020 18:14:25 GMT https://live.paloaltonetworks.com/t5/general-topics/digicert-sha2-untrusted/m-p/332838#M84119 raji_toor 2020-06-10T18:14:25Z https://live.paloaltonetworks.com/t5/general-topics/digicert-sha2-untrusted/m-p/332885#M84124 <P>You answered your own question <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>You should import the root certificate and mark it as a "trusted root ca certificate" (open the cert and check the box, commit)</P> Thu, 11 Jun 2020 05:35:42 GMT https://live.paloaltonetworks.com/t5/general-topics/digicert-sha2-untrusted/m-p/332885#M84124 reaper 2020-06-11T05:35:42Z