Hopeing you can answer a couple of questions I have regarding SSL certificates.
1) How does the Palo Alto device itself handle SSL when it is doing interception? Can you set that it would block traffic when for example, an online banking sites certificate has expired, force OCSP, etc.
2) How does the Palo Alto maintain its own list of CAs, can we remove CAs from the list
Hope this make sence
Solved! Go to Solution.
PAN provides you with the option to set OCSP, in the admin guide (Page 34, PANOS v4) it says you have the option to "Block Unknown Certificates"
What does this option actually do?
Would it not block traffic if the certificate had expired or was unknown ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!