Nominated Discussion: How to Change Forward Decrypt Trust Certificate


This Nominated Discussion Article is based on the post "Change forward decrypt trust cert to a new one" by @djon and answered by @emr_1. Read on to see the discussion and solution!

 

I have forward SSL decrypt running and I want to change the cert I use. I can only have one forward trust cert at a time. If I deselect the forward trust box, I get a commit error because my SSL decrypt policies don't have a forward trust cert. I can't select forward trust on the new cert until the old cert has forward trust deselected.

So now what do I do? 

 

You don't need to "deselect and commit".

 

Just change the certificate and the commit will work (at least it worked in my lab / PAN-OS 10.1.6-h6).

Image 001.png

 

Also make sure to have a private key for it.

The following two screenshots show what happens if you did not import the private key (you won't be able to select the Forward Trust Cert option):

 

Image 001.png

Image 002.png

 

tags: certificates, SSL Forward Proxy, Management, Management & Administration, NGFW, certificate management

Last Updated: 02-02-2023 02:20 AM