07-09-2020 08:44 AM - edited 07-09-2020 08:46 AM
I am having trouble with https://support.microsoft.com in firefox and getting this message. It works fine in chrome though, After i disable decryption for it, it works fine in firefox as well. Why it is breaking in one browser with decryption enabled. Maybe there are other sites as well that i yet don't know are breaking as well for same reason.
07-09-2020 12:34 PM
Hello,
Decrypting Microsoft is generally a bad idea as their site and applications use certificate pinning and will break if you try to decrypt it.
Here is a good article on resources:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgHCAS
Regards,
07-10-2020 12:42 AM
Could you possibly provide more details about your setup - Chrome version, Firefox version, PAN-OS version? Configuration of Decryption Profile used in the Decryption Rule this traffic is hitting (from CLI: show profiles decryption <decryption-profile-name>)?
Have you checked the ciphers negotiated by Chrome and Firefox through packet-sniffing the TLS/SSL handshake?
Wouldn't you agree that properly implemented HPKP for a website would result in error reported by browser, not by PA?
Also it looks this website does not implement it (according to the https://gf.dev/hpkp-test).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
