- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-01-2011 03:44 AM
I have suddenly started getting security certificate errors while using Safari. I am not using a Captive Portal and have no certificates on the PAN, however the certificate errors always point back to a self-signed certificate by the PAN. I am attaching a screen cap as an example, however please note that the ip #'s it lists vary and they are not my ip #'s.
04-15-2011 11:22 AM
I have no rules set under Policies > Decryption, so I am assuming that means I am not using SSL Decrypt? Not sure if there is anywhere else to look or not.
Thanks.
04-15-2011 11:25 AM
if you have no rules under Policies -> Decryption then you are not using SSL decrypt.
are you using a self-signed certificate for the web UI of the Palo Alto firewall?
-Benjamin
04-15-2011 11:44 AM
Yes, I am using a self signed certificate for the web gui.
Thanks!
04-15-2011 11:59 AM
Did you purge your certificate store on Safari? Or maybe you did an upgrade that purged your store of trusted certs?
Either way you can decide to trust the self-signed cert for the web UI of the PAN and that would stop the pop-up.
-Benjamin
04-15-2011 04:15 PM
The popup does not happen on the web gui, it happens on random websites, mostly when a banner ad or something else is trying to load. The IP # is not one of mine however it says that the certificate is the self signed one from the PAN. Makes no sense, but I've seen it happen on multiple machines.
04-15-2011 04:21 PM
Are you using captive portal? URL filtering?
I'm trying to isolate what may be causing the "response page" from the PAN device.
-Benjamin
04-15-2011 04:24 PM
No captive portal, but we do filter URLs.
Thanks!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!