This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Decryption policy Issue

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Decryption policy Issue

Go to solution
homicidedart
L3 Networker

‎02-09-2014 02:51 AM

Hi All,

I'm just trying to configure decryption. because I'm facing Issue while blocking applications(not all the applications got blocked as the policy supposed to do).

First of all, I'm using Trusted CA, and here you are the steps I followed To generate MY certificate.

1.

2. then I uploaded that Certificate to the Trusted CA, and then I got a signed Certificate.

3. I configured a Decryption Profile as below.

4. then I created the decryption policies as below

but finally while I'm trying to commit the Configuration I got the error  vsys1 decryption: forward decrypt trust cert is not configured


I don't know what's wrong with that, also does my configuration is correct, or I'm going the wrong direction.


Regards,

Maher


0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
panos
L6 Presenter
In response to homicidedart

‎02-09-2014 04:14 AM

A certificate signed by CA can be used for

  • Captive Portal ("CP") pages
  • Response Pages
  • GlobalProtect ("GP") Portal

How to Install a Chained Certificate Signed by a Public CA

When using ssl decryption you cannot use a system that  a client will not get a ssl warning (wihtout importing the certificate to the client).This is why ssl is safe.

if it is used for SSL decryption, it should be CA certificate.

View solution in original post

4 REPLIES 4

Go to solution
panos
L6 Presenter

‎02-09-2014 03:22 AM

This is because you did not configure the certifiate for decryption

Difference Between SSL Forward-Proxy and Inbound Inspection Decryption Mode

0 Likes Likes

Go to solution
homicidedart
L3 Networker
In response to panos

‎02-09-2014 03:29 AM

That's because when I import the Signed Certificate, All the Check boxes are disabled, as attached in the photo

Regards,

Maher

0 Likes Likes

Go to solution
panos
L6 Presenter
In response to homicidedart

‎02-09-2014 04:14 AM

A certificate signed by CA can be used for

  • Captive Portal ("CP") pages
  • Response Pages
  • GlobalProtect ("GP") Portal

How to Install a Chained Certificate Signed by a Public CA

When using ssl decryption you cannot use a system that  a client will not get a ssl warning (wihtout importing the certificate to the client).This is why ssl is safe.

if it is used for SSL decryption, it should be CA certificate.

Go to solution
homicidedart
L3 Networker
In response to panos

‎02-10-2014 07:12 AM

Thanks panos for your kind help.

Regards,

0 Likes Likes
  • 1 accepted solution
  • 3358 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks