https://live.paloaltonetworks.com/t5/general-topics/ocsp-responder-with-self-signed-certificate/m-p/336622#M84811 <P>Finally figured out the missing step from another article.&nbsp; I need to go to Device -&gt; Setup -&gt; Session -&gt; Decryption Certificate Revocation Settings</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/certificate-management/set-up-verification-for-certificate-revocation-status/configure-revocation-status-verification-of-certificates-used-for-ssltls-decryption.html" target="_blank">https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/certificate-management/set-up-verification-for-certificate-revocation-status/configure-revocation-status-verification-of-certificates-used-for-ssltls-decryption.html</A></P> Sun, 05 Jul 2020 12:25:02 GMT fhewiufhwefhwe 2020-07-05T12:25:02Z https://live.paloaltonetworks.com/t5/general-topics/ocsp-responder-with-self-signed-certificate/m-p/336438#M84746 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 878px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/26539i74B4357EF3F8B328/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Capture.PNG" alt="Capture.PNG" /></span>Following&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIzCAK" target="_blank" rel="noopener">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIzCAK</A>, I created an OCSP responded.&nbsp; When creating the user certificates, for signed by I tried both the Root and Intermediate certificate.&nbsp; I allowed HTTP_OCSP on both device-&gt;setup-&gt;Interfaces-&gt;Management as well as Network-&gt;Interfaces-&gt;Network Profiles-&gt;Interface Mgmt that corresponds to my interface.&nbsp; I also created a security policy to all ocsp from my machine to the firewall.</P><P>&nbsp;</P><P>From the CLI, when I typed in the command: debug sslmgr view ocsp all</P><P>Nothing is coming back however.&nbsp; Any idea what could be the problem?</P><P>&nbsp;</P><P>Do I have to download the certificate and try to use it with vpn before the debug sslmgr view oscp all command will show anything?</P> Thu, 02 Jul 2020 16:13:09 GMT https://live.paloaltonetworks.com/t5/general-topics/ocsp-responder-with-self-signed-certificate/m-p/336438#M84746 fhewiufhwefhwe 2020-07-02T16:13:09Z https://live.paloaltonetworks.com/t5/general-topics/ocsp-responder-with-self-signed-certificate/m-p/336622#M84811 <P>Finally figured out the missing step from another article.&nbsp; I need to go to Device -&gt; Setup -&gt; Session -&gt; Decryption Certificate Revocation Settings</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/certificate-management/set-up-verification-for-certificate-revocation-status/configure-revocation-status-verification-of-certificates-used-for-ssltls-decryption.html" target="_blank">https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/certificate-management/set-up-verification-for-certificate-revocation-status/configure-revocation-status-verification-of-certificates-used-for-ssltls-decryption.html</A></P> Sun, 05 Jul 2020 12:25:02 GMT https://live.paloaltonetworks.com/t5/general-topics/ocsp-responder-with-self-signed-certificate/m-p/336622#M84811 fhewiufhwefhwe 2020-07-05T12:25:02Z