02-20-2020 10:22 AM
Hello, we are implementing Inbound SSL Decryption. The plan is to import the keys from our F5 Load Balancer. After a number of attempts and working with support, we found the only way for the import to work successfully is to import the bundle (CA / Intermediate / Certificate for the VIP).
While that process works, it leaves us with the question of renewal.
Our Intermediate certificate expires in May. Can we simply a) renew this certificate, b) can we just import this renewed certificate from the F5, or c) will we have to import the bundle again for all 20+ VIPs when this cert is renewed in May?
02-20-2020 06:25 PM
When you are talking about importing the bundle, do you mean that you simply had to import all three certificates or that you needed to chain all certificates? If you simply had to import all three certificates, you would simply import the new intermediate certificate so that the firewall trusts the full chain. If this is a chained certificate, you would need to update the chain and import the chained certificate.
02-20-2020 09:22 PM
@brandonbushong do you have same Client SSL profile on all 20 VIPs?
Because if certificate is renewed, you need to upload renewed certificate. If you have same Client ssl profile on all 20VIPs, you can simply replace expired certificate with new one and post updating it, it will get applied on all 20VIPs.
hope it helps!
02-21-2020 08:13 AM
Thanks. Have you completed this in Production? I'd like to see or hear from someone who completed this and confirm the process works.
02-21-2020 08:40 AM
02-21-2020 10:35 AM
So you have completed this on the Palo and the F5?
02-21-2020 07:06 PM
Yes i have done it on F5. You need to do configurations on F5 and Web server end too. No need to do anything on Paloalto.
Please refer below article.
hope it helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!