This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

OCSP Responder with Self-Signed Certificate

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

OCSP Responder with Self-Signed Certificate

Go to solution
fhewiufhwefhwe
L4 Transporter

‎07-02-2020 06:22 AM - edited ‎07-02-2020 09:13 AM

Capture.PNGFollowing https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIzCAK, I created an OCSP responded.  When creating the user certificates, for signed by I tried both the Root and Intermediate certificate.  I allowed HTTP_OCSP on both device->setup->Interfaces->Management as well as Network->Interfaces->Network Profiles->Interface Mgmt that corresponds to my interface.  I also created a security policy to all ocsp from my machine to the firewall.

 

From the CLI, when I typed in the command: debug sslmgr view ocsp all

Nothing is coming back however.  Any idea what could be the problem?

 

Do I have to download the certificate and try to use it with vpn before the debug sslmgr view oscp all command will show anything?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
fhewiufhwefhwe
L4 Transporter

‎07-05-2020 05:25 AM

Finally figured out the missing step from another article.  I need to go to Device -> Setup -> Session -> Decryption Certificate Revocation Settings

 

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/certificate-management/set-up-verification...

View solution in original post

0 Likes Likes
1 REPLY 1

Go to solution
fhewiufhwefhwe
L4 Transporter

‎07-05-2020 05:25 AM

Finally figured out the missing step from another article.  I need to go to Device -> Setup -> Session -> Decryption Certificate Revocation Settings

 

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/certificate-management/set-up-verification...

0 Likes Likes
  • 1 accepted solution
  • 3699 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks