SSL certificates - resource list

by on ‎05-12-2015 02:41 PM - edited on ‎01-06-2016 02:57 PM by EmmaF (47,173 Views)

Overview

SSL is an acronym for Secure Sockets Layer, an encryption technology that was created by Netscape. SSL certificates create an encrypted connection between a web server and a web browser, allowing for private information to be transmitted without the problems of eavesdropping, data tampering, or message forgery.

 

Types of SSL certificates and where they are used on Palo Alto Networks:

 

Self-Signed

(PAN)

Public CA

issued

Wildcard

Subject alt

name

Sub ordinate CA

(internal source)

WebUI

X X X X  

Captive portal - transparent

X        
Captive portal - redirect X X X X  
SSL forward proxy (decryption out) X       X
SSL inbound proxy (decryption in)   X X X X
GlobalProtect - gateway, portal and client authentication X X X X X

URL filtering override page

X X X X  

 

The following table provides a list of valuable resources on understanding and configuring SSL certificates:

Title Description Type
Basic    
How to generate a CSR (certificate signing request) and import the signed certificate How to generate a CSR (Certificate Signing Request) and Import the Signed Certificate Document
How to generate a new self-signed SSL certificate How to generate a new self-signed certificate Document
Troubleshooting SSL certificates in PAN-OS Troubleshooting tips for general SSL certificates Document
Pushing SSL decryption certificates using GPO Pushing SSL decryption certificates using GPO Document
How to perform a client certificate install for SSL decryption How to install a client certificate install for SSL decryption Document
How to install a chained certificate signed by a Public CA How to install a chained certificate signed by a public CA Document
Intermediate    
SSL certificates with HTTPS CRL Information about SSL certificate with HTTPS for the CRL Document
Exporting IIS SSL certificate How to export the SSL certificate from a Microsoft IIS server Document
How to implement certificates issued from Microsoft certificate services How to implement certificates issued from Microsoft certificate services Document
How to delete certificates on a Palo Alto Networks firewall How to delete certificates on a Palo Alto Networks firewall Document
Advanced    
Commit error received after configuring SSL decryption for certificate generation Configuring SSL decryption - commit fails after generating a certificate error Document
SSL decryption stops working on Firefox after changing SSL decryption certificate After changing the SSL Decryption certificate, SSL decryption does not work with Firefox  Document
Wrong certificate used when SSL decryption is enabled. Untrusted certificate presented when performing SSL decryption Document
Commit error received after configuring SSL decryption for certificate generation Configuring SSL decryption - commit fails after generating a certificate error Document
Error deleting certificate - Web-server-certificate When attempting to delete a certificate that is used for web server certificate, error is received Document
URL admin override not working with new SSL certificate URL admin override not working with new SSL certificate Document
How to use a Wildcard SSL certificate with Subject Alternative Names (SAN) for GlobalProtect portal ... How to use a wildcard (multi-domain) certificate with one common name and Subject Alternative Names (SAN) for other protected domains. Document
Error deleting certificate on PAN-OS - ssl-decrypt; trusted-root-CA Error deleting certificate on PAN-OS - SSL-decrypt > trusted-root-CA Document
Captive portal using transparent mode with LDAP auth or redirect mode with client certificate auth i... Guide in configuring captive portal in a Vwire deployment Document
Windows certificate authority delivers certificates that cannot be read by PAN-OS Windows certificate authority delivers certificates that cannot be read by PAN-OS Document

Note: If you have a suggestion for an article, video or discussion not included in this list, please post a recommendation in the comments below and it will be added to the master list.

 

Browser certificate errors:

Remember with SSL certificates, there are three things that are always checked inside of an SSL certificate:

  1. Certificate name matching the FQDN or IP address
  2. Is this from a Trusted CA?
  3. Is the certificate expired?

If these items are OK, then the certificate should be fine.

 

owner: jdelio

Register now
Ask Questions Get Answers Join the Live Community
Contributors