This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Safari Security Errors

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Safari Security Errors

kevin.shain
L2 Linker

‎04-01-2011 03:44 AM

I have suddenly started getting security certificate errors while using Safari.  I am not using a Captive Portal and have no certificates on the PAN, however the certificate errors always point back to a self-signed certificate by the PAN.  I am attaching a screen cap as an example, however please note that the ip #'s it lists vary and they are not my ip #'s.

Labels:
Preview file
129 KB
0 Likes Likes
8 REPLIES 8

pkruse
L4 Transporter

‎04-15-2011 11:15 AM

Are you using SSL Decrypt? You would  have to use a cert if this is the case. An ssl decrypt session acts like a proxy and could create the type of issue you are describing.

~Phil

0 Likes Likes

kevin.shain
L2 Linker
In response to pkruse

‎04-15-2011 11:22 AM

I have no rules set under Policies > Decryption, so I am assuming that means I am not using SSL Decrypt?  Not sure if there is anywhere else to look or not.

Thanks.

0 Likes Likes

bpappas
L6 Presenter
In response to kevin.shain

‎04-15-2011 11:25 AM

if you have no rules under Policies -> Decryption then you are not using SSL decrypt.

are you using a self-signed certificate for the web UI of the Palo Alto firewall?

-Benjamin

0 Likes Likes

kevin.shain
L2 Linker
In response to bpappas

‎04-15-2011 11:44 AM

Yes, I am using a self signed certificate for the web gui.

Thanks!

0 Likes Likes

bpappas
L6 Presenter
In response to kevin.shain

‎04-15-2011 11:59 AM

Did you purge your certificate store on Safari? Or maybe you did an upgrade that purged your store of trusted certs?

Either way you can decide to trust the self-signed cert for the web UI of the PAN and that would stop the pop-up.

-Benjamin

0 Likes Likes

kevin.shain
L2 Linker
In response to bpappas

‎04-15-2011 04:15 PM

The popup does not happen on the web gui, it happens on random websites, mostly when a banner ad or something else is trying to load.  The IP # is not one of mine however it says that the certificate is the self signed one from the PAN.  Makes no sense, but I've seen it happen on multiple machines.

0 Likes Likes

bpappas
L6 Presenter
In response to kevin.shain

‎04-15-2011 04:21 PM

Are you using captive portal? URL filtering?

I'm trying to isolate what may be causing the "response page" from the PAN device.

-Benjamin

0 Likes Likes

kevin.shain
L2 Linker
In response to bpappas

‎04-15-2011 04:24 PM

No captive portal, but we do filter URLs.

Thanks!

0 Likes Likes
  • 5248 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks