https://live.paloaltonetworks.com/t5/general-topics/decryption-certs/m-p/392659#M90939 <P>Does anybody know if we support separate&nbsp;Decryption Certs in a multi VSYS environment? I have an MSP who wants to use different Certs from each of their customers.&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Mon, 22 Mar 2021 14:20:31 GMT Pasquale01 2021-03-22T14:20:31Z https://live.paloaltonetworks.com/t5/general-topics/decryption-certs/m-p/392659#M90939 <P>Does anybody know if we support separate&nbsp;Decryption Certs in a multi VSYS environment? I have an MSP who wants to use different Certs from each of their customers.&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Mon, 22 Mar 2021 14:20:31 GMT https://live.paloaltonetworks.com/t5/general-topics/decryption-certs/m-p/392659#M90939 Pasquale01 2021-03-22T14:20:31Z https://live.paloaltonetworks.com/t5/general-topics/decryption-certs/m-p/392757#M90949 <P>As I have not done that myself on a vsys . I can only tell that the vsys is a separate virtual firewall and when you import a CA cert into a VSYS you select where to import it and to which vsys, so this should mean that it uses different trust ca for different vSYS.</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/certificate-management/obtain-certificates/import-a-certificate-and-private-key" target="_blank">https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/certificate-management/obtain-certificates/import-a-certificate-and-private-key</A></P><P>&nbsp;</P><P>&nbsp;</P><P>Can someone who has done it to 100% confirm this?</P> Mon, 22 Mar 2021 17:18:44 GMT https://live.paloaltonetworks.com/t5/general-topics/decryption-certs/m-p/392757#M90949 nikoolayy1 2021-03-22T17:18:44Z https://live.paloaltonetworks.com/t5/general-topics/decryption-certs/m-p/392865#M90960 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/138583">@Pasquale01</a>,</P> <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/153031">@nikoolayy1</a>&nbsp;is correct. This is easily done and you can control which VSYS you want to import the certificate into, or if you want to import said certificate as a shared cert across the system.&nbsp;</P> Tue, 23 Mar 2021 01:25:35 GMT https://live.paloaltonetworks.com/t5/general-topics/decryption-certs/m-p/392865#M90960 BPry 2021-03-23T01:25:35Z