- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-02-2020 06:22 AM - edited 07-02-2020 09:13 AM
Following https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIzCAK, I created an OCSP responded. When creating the user certificates, for signed by I tried both the Root and Intermediate certificate. I allowed HTTP_OCSP on both device->setup->Interfaces->Management as well as Network->Interfaces->Network Profiles->Interface Mgmt that corresponds to my interface. I also created a security policy to all ocsp from my machine to the firewall.
From the CLI, when I typed in the command: debug sslmgr view ocsp all
Nothing is coming back however. Any idea what could be the problem?
Do I have to download the certificate and try to use it with vpn before the debug sslmgr view oscp all command will show anything?
07-05-2020 05:25 AM
Finally figured out the missing step from another article. I need to go to Device -> Setup -> Session -> Decryption Certificate Revocation Settings
07-05-2020 05:25 AM
Finally figured out the missing step from another article. I need to go to Device -> Setup -> Session -> Decryption Certificate Revocation Settings
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!