09-25-2017 01:48 AM - edited 09-25-2017 01:49 AM
Hi Team,
New features and improvements in version 8 allow additional cipher algorithms to be decrypted and then re-encrypted to check for malicious content.
Can generate a self-signed or a cert off MS Certificate Authority.
Many customers have the decryption cert with the RSA Algorithm already configured. Need to set up the additional one as below to take advantage of the new feature. So will have two forward trust and two forward untrust.
The ECDSA one is then preferred and the PAN device will fail back to the RSA one if required.
Generating a self-signed one is simple enough: just select the different algorithm as below.
Done some tests with same recently and it seems to be working OK. If any trouble with same, contact your support provider.
Cheers,
Rob
09-25-2017 03:02 AM
FYI: There is no need to generate a new Root Cert with an EC Key. PAN-OS 8 allows you to decrypt connections to websites with ECDSA certs also with an RSA Decryption certificate.
--> For example: https://ecdsa.scotthelme.co.uk/