https://live.paloaltonetworks.com/t5/general-topics/decryption-exlusions/m-p/439557#M99828 <P>I have not heard of that, but you never know.&nbsp;</P> <P>Are you using <A href="http://www.site.com" target="_blank">www.site.com</A>&nbsp;or just site.com ?&nbsp;</P> Thu, 07 Oct 2021 20:08:32 GMT jdelio 2021-10-07T20:08:32Z https://live.paloaltonetworks.com/t5/general-topics/decryption-exlusions/m-p/439400#M99820 <P>As you all know, Palo Alto gives you two ways to exclude sites from decryption.&nbsp; Are there any scenarios where excluding from SSL Decryption Exclusions works but setting the same url in a decryption policy doesn't?</P><P>&nbsp;</P><P>I ask because I've had the scenario where I get a certificate validation error using an app, I look at the cert and see it's for a URL that I have excluded via decryption policy, yet the error shows my internal CA as the root ca (which means it was decrypted)</P> Thu, 07 Oct 2021 13:57:11 GMT https://live.paloaltonetworks.com/t5/general-topics/decryption-exlusions/m-p/439400#M99820 ce1028 2021-10-07T13:57:11Z https://live.paloaltonetworks.com/t5/general-topics/decryption-exlusions/m-p/439557#M99828 <P>I have not heard of that, but you never know.&nbsp;</P> <P>Are you using <A href="http://www.site.com" target="_blank">www.site.com</A>&nbsp;or just site.com ?&nbsp;</P> Thu, 07 Oct 2021 20:08:32 GMT https://live.paloaltonetworks.com/t5/general-topics/decryption-exlusions/m-p/439557#M99828 jdelio 2021-10-07T20:08:32Z