Nominated Discussion: How to Change Forward Decrypt Trust Certificate


This Nominated Discussion Article is based on the post "Change forward decrypt trust cert to a new one" by @djon and answered by @emr_1. Read on to see the discussion and solution!

 

I have forward SSL decrypt running and I want to change the cert I use. I can only have one forward trust cert at a time. If I deselect the forward trust box, I get a commit error because my SSL decrypt policies don't have a forward trust cert. I can't select forward trust on the new cert until the old cert has forward trust deselected.

So now what do I do? 

 

You don't need to "deselect and commit".

 

Just change the certificate and the commit will work (at least it worked in my lab / PAN-OS 10.1.6-h6).

Image 001.png

 

Also make sure to have a private key for it.

The following two screenshots show what happens if you did not import the private key (you won't be able to select the Forward Trust Certificate option):

 

Image 001.png

Image 002.png

 

tags: certificates, SSL Forward Proxy, Management, Management & Administration, NGFW, certificate management

Last Updated:
‎02-02-2023 02:20 AM