Generating SSL Decryption Forward Trust Cert for an HA Pair via Panorama?

Reply
Highlighted
L0 Member

Generating SSL Decryption Forward Trust Cert for an HA Pair via Panorama?

I've successfully rolled out SSL Decryption on a bunch of non-HA firewalls via Panorama. Generating the .CSR, signing it with my CA, and then importing the .CER but I'm wondering if this is going to work with my HA Pair because I'm guessing that I'll have to have two different certs because there's two different physical boxes. Has anyone done this before?

Tags (1)
Highlighted
Cyber Elite

Hello there.

 

I would have presumed that your CN or Common Name is either IP or FQDN name (which both FW would synch between them)

So in your template, your inside IP for both FWs is the same.. ( right??? ) and the FDQN name (if you used this for your CN) is the same on both FWs.

 

I guess, I am trying to determine if you used a wildcard cert on ALL firewalls?

 

So no, it should not be a problem to push the cert to both FWs.

 

Are there any other details that would create a difference (SNs are not included in differences).

 

Also, what is your methodology to get the cert onto all end user browsers (IE, Edge, Chrome, Firefox, Safari, Opera, etc)

Please advise.

Help the community: Like helpful comments and mark solutions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!