SSL Decryption Policy is Decrypting Traffic for No-Decrypt Rules

SSL Decryption Policy is Decrypting Traffic for No-Decrypt Rules

28535
Created On 09/25/18 17:58 PM - Last Modified 06/07/23 02:26 AM


Resolution


Symptoms

After enabling SSL Decryption and adding ‘No-Decrypt’ rules, all traffic is still showing as decrypted in the logs.

Decryption certificate is being presented for the site(s) in question rather than the original source certificate.

 

Running test decryption-policy-match application ssl shows the correct no-decrypt rule is matched.

 

Issue

If the site was accessed after creating the SSL-Decryption rule, but before the No-decrypt rule was configured, this issue is likely to happen.

This is a result of the certificate being found in the SSL-Decryption cache.

 

Resolution

Clear this cache use the following command: debug dataplane reset ssl-decrypt certificate-cache

 

owner: ppolizzi
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClLrCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language