Expedition Updates with SSL Inspection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Expedition Updates with SSL Inspection

L1 Bithead

I ran into issues updating Expedition through my PAN Firewall running SSL decryption.

 

After a bit of troubleshooting there are two changes I needed to make on the expedition VM.

 

  1.  Update cert file with your SSL Decrypt cert - This allows apt to trust your SSL decryption certificate
    1. Export the Root CA that signed your SSL cert in base64/PEM format
    2. Append the raw text of that SSL Cert to /etc/ssl/certs/ca-certificates.crt
  2. Configure PIP to use that certificate Store - This tells pip to read your SSL certificate store
    1. create /etc/pip.conf and add the following configuration
      [global]
      cert = /etc/ssl/certs/ca-certificates.crt

I also needed to allow this system to download EXE's from the Internet, once PIP started trusting my decryption certificate, I discovered that PIP is downloading EXE's(normally for windows) as part of its script for some reason and this was causing it to throw errors.

 

 

0 REPLIES 0
  • 2598 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!