How to remove DigiNotar CA SSL Root Authority

Reply
Highlighted
L3 Networker

How to remove DigiNotar CA SSL Root Authority

i do not find a hint how to remove any SSL Root Authority in my PAN. How can i announce me the trusted SSL Authorities? Is it possible to remove a single CA like "DigiNotar  Root CA".

mfg

Manfred

Tags (2)
Not applicable

Re: How to remove DigiNotar CA SSL Root Authority

+1 !

L0 Member

Re: How to remove DigiNotar CA SSL Root Authority

Ditto...

L1 Bithead

Re: How to remove DigiNotar CA SSL Root Authority

I would like to know too!

Not applicable

Re: How to remove DigiNotar CA SSL Root Authority

I wouldn't expect the PAN to have a list of authorized certificate authorities on the device.

This should be updated by each browser and host O/S.

L1 Bithead

Re: How to remove DigiNotar CA SSL Root Authority

The PAN needs to know what certificates to trust and which not to trust in order to determine when to present the trust cert to a client or the untrust cert to the client for SSL decryption. The PAN device must have an untrust and a trust list on device to do this. 

Not applicable

Re: How to remove DigiNotar CA SSL Root Authority

Ah, learn something new every day.

They realeased update 265 to alert on certs with the DigiNotar Root Authority, but its not clear if that removes from the device as well or if a different update is required for the device.

L6 Presenter

Re: How to remove DigiNotar CA SSL Root Authority

@camkim:

please note this information included in the release notes for this emergency content update:

"In addition, for users of SSL decryption, the new release removes DigiNotar from the device's trusted CA list"

I advise all users to read the release notes for each release of content and PAN-OS so that you know what has been addressed by each update you apply to your device(s).

Thanks,

Benjamin

Not applicable

Re: How to remove DigiNotar CA SSL Root Authority

My 2 cents is that PA should let us list & manage root CAs from GUI.

L3 Networker

Re: How to remove DigiNotar CA SSL Root Authority

I advise all users to read the release notes for each release of content and PAN-OS so that you know what has been addressed by each update you apply to your device(s).

Thanks,

Benjamin

Hi Benjamin,

is it a secret, where to find the trusted certificate store on a palo alto system? Why don't you tell the customers simply the method to control the certificate store by themselves?

kindly regards

Manfred

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!