I've successfully rolled out SSL Decryption on a bunch of non-HA firewalls via Panorama. Generating the .CSR, signing it with my CA, and then importing the .CER but I'm wondering if this is going to work with my HA Pair because I'm guessing that I'll have to have two different certs because there's two different physical boxes. Has anyone done this before?
I would have presumed that your CN or Common Name is either IP or FQDN name (which both FW would synch between them)
So in your template, your inside IP for both FWs is the same.. ( right??? ) and the FDQN name (if you used this for your CN) is the same on both FWs.
I guess, I am trying to determine if you used a wildcard cert on ALL firewalls?
So no, it should not be a problem to push the cert to both FWs.
Are there any other details that would create a difference (SNs are not included in differences).
Also, what is your methodology to get the cert onto all end user browsers (IE, Edge, Chrome, Firefox, Safari, Opera, etc)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!