05-10-2020 02:17 AM
Hi community,
I am encountering decrypt-err with the AnyDesk application after deploying SSL Decryption. In order to fix that, I am going to create a list of the public IPv4 addresses that AnyDesk uses, to exclude them from decryption. Currently I have collected an IPv4 list and want to create an EDL so I can simply add them to the exclusion list. I have created and am using a MineMeld EDL for Office 365, but that is a dynamic list.
Could anyone please guide me on how to create a custom EDL IPv4 list from a text file?
05-10-2020 03:19 AM
@tienngo ,
You can configure an IIS-based webpage on any Windows server and add the list of IPv4 addresses to it. Once your webpage is ready, you can call it under the IP type of EDL on the Palo Alto to fetch that list of addresses.
Make sure there is communication between the firewall and the Windows server IP.
You can refer to the post below, which talks about the same use case.
Hope it helps!
Mayur
05-11-2020 01:13 AM
Hi Sutare,
Thank you for your recommendation. I have deployed an IIS server and can access the URL from the LAN and see the IP list content.
But... when I export the certificate on the IIS I have a .pfx file, but I cannot import the certificate to the PA. Could you please share your experience configuring the certificate between IIS and the PA?
05-11-2020 04:04 AM
If your webpage is ready on port 443 and you are able to access it from the LAN, then on the PA you need to import the certificate and add it under a certificate profile. Then you need to map this certificate profile under the EDL. Once this is done, you can just test connectivity using the 'Test Source URL' option.
Hope it helps!
Mayur
05-11-2020 04:37 AM
Hi @SutareMayur
I know the procedure with the certificate since I am using MineMeld for EDL. The issue I am encountering is that when I generate a self-signed CA in the IIS, then export it to .pfx, then import the file to the PA, it fails.
How can I import the .pfx file generated by IIS to the PA? I tried to generate a self-signed CA on the PA and import it to IIS, but got the same result.
05-11-2020 05:49 AM
Can you please give details on the error that you are getting? If possible, please attach an error snapshot. In my environment, I've generated a self-signed certificate on the PA and imported it on the Windows server. Everything was smooth.
Mayur
05-11-2020 08:00 AM - edited 05-11-2020 08:05 AM
Hi @SutareMayur
I tried to generate a self-signed CA on the PA as follows.
Then I exported the generated self-signed CA to a PEM file with a security key. Please note that since IIS can only read a .pfx file and the PA can export the CA in the file types PEM, DER and PKCS12, I don't know which file type I should generate.
I imported the generated self-signed CA to IIS using the Import button in Server Certificates.
I entered the password I had set at the export step, then I got the error.
Could you please show me where I went wrong and share how you did it?
Thank you
05-11-2020 11:05 AM
First of all, while generating the certificate, the Common Name (CN) should be either the IP address of the server where your web page is configured or the FQDN you will use for accessing the webpage. Whatever you put here will appear on the certificate.
Once the certificate is generated, export it as the file type below and set a passphrase. Once exported, import the file with the same passphrase on your server. This should work for you.
Hope it helps!
Mayur
05-11-2020 06:45 PM
Dear @SutareMayur
Thanks for your guidance; the certificate between IIS and the PA is done!
From a web browser on the LAN I can access and see the IP content at the web URL I have configured in IIS.
On the PA, when I create a rule using the EDL from the IIS, I get the message below and cannot verify the content of the EDL either.
Do you have any idea please...
05-11-2020 11:03 PM
Hi @SutareMayur
The issue is resolved!
Since the log is very clear, I changed the URL to access a text file hosted by IIS, and everything is good now. It seems that for the EDL, the PA communicates with IIS in a different way than with MineMeld.
Thank you for your help!
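Since the thread ends with the firewall fetching a plain text file rather than a web page, here is an added helper (not from the thread or from Palo Alto) that turns a hand-collected list into a clean IP-type EDL file: one IPv4 host, CIDR or "a-b" range per line, duplicates dropped, bad lines reported instead of silently shipped. The sample input is constructed and contains no real AnyDesk addresses; the output file name is an assumption.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample of what a hand-collected list tends to look like:
# duplicates, a range, a comment, an IPv6 entry and a typo.
RAW_LINES = """
# relay addresses collected by hand (constructed sample, not real AnyDesk IPs)
203.0.113.10
203.0.113.10
198.51.100.0/24
192.0.2.5 - 192.0.2.9
2001:db8::1
not-an-ip
"""


def build_ip_edl(raw: str) -> Tuple[List[str], List[str]]:
    """Return (clean entries, rejected lines) for an IP-type EDL.

    Accepted forms are an IPv4 host, an IPv4 CIDR block, or an IPv4 range
    written as 'first-last'. Comments after '#' and blank lines are stripped
    from the input so the output holds nothing but entries. IPv6 is rejected
    only because the asker wants an IPv4-only exclusion list.
    """
    seen = set()
    entries, rejected = [], []
    for line in raw.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            if "-" in line:
                lo, hi = (ipaddress.IPv4Address(p.strip()) for p in line.split("-", 1))
                if lo > hi:
                    raise ValueError("range start after end")
                entry = f"{lo}-{hi}"
            else:
                net = ipaddress.IPv4Network(line, strict=False)
                # A /32 is written as a bare host so it reads like the rest of the list.
                entry = str(net.network_address) if net.prefixlen == 32 else str(net)
        except ValueError:
            rejected.append(line)
            continue
        if entry not in seen:
            seen.add(entry)
            entries.append(entry)
    return entries, rejected


def write_edl(path: str, entries: List[str]) -> None:
    """Write one entry per line with a trailing newline, as the firewall expects."""
    with open(path, "w", encoding="ascii", newline="\n") as fh:
        fh.write("\n".join(entries) + "\n")


if __name__ == "__main__":
    good, bad = build_ip_edl(RAW_LINES)
    write_edl("anydesk-ipv4.txt", good)  # assumed file name under the IIS site root
    print(f"wrote {len(good)} entries; rejected {bad}")
```

Drop the resulting .txt file under the IIS site root and point the EDL's Source URL at it, which is the arrangement the final post found to work.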