Warnings: External Dynamic List <list> is configured with no certificate profile.

L0 Member

Re: Warnings: External Dynamic List <list> is configured with no certificate profile.

What was the fix? Is it something you had to change or is it included in a later release?

L4 Transporter

Re: Warnings: External Dynamic List <list> is configured with no certificate profile.

I also faced the same issue. TAC advised trying this.

As far as the EDL warning is concerned, a cert profile needs to be configured to verify the server certificate using the CA that signed the CA cert.

There are two ways to resolve the warning:

1) Use http instead of https to connect to the web server in the EDL config.
2) Or, configure a cert profile using the root CA that signed the web server cert, GlobalSign in this case, and use it in the cert profile under EDL.

L1 Bithead

Re: Warnings: External Dynamic List <list> is configured with no certificate profile.

The real issue with the use of certificate profiles on external dynamic lists is that the firewall administrator has no control over the actions of 3rd party external dynamic list providers.

  • The list provider might force you to use HTTPS.
  • The list provider is free to choose whichever SSL Certificate provider they want.
  • If the certificate profile becomes invalid due to SSL certificate provider change, the list empties out, and you have no notification of this.
  • So, how exactly does this provide security if it suddenly fails open?
  • The GUI's "None (Disable Cert profile)" is a misnomer since it doesn't disable it to the point of no longer warning on policy commit.

A proper fix would be that "None (Disable Cert profile)" does what it says it will do, which is to not use it, and being disabled means it won't warn about it either.
