Chrome will default to using the QUIC protocol, which to @vsys_remo's point will come across on udp/443. Best practices would have you disallowing QUIC connections so that traffic is forced to fail-back to standard SSL/TLS connections over tcp/443. Then your decryption will actually work.
Thanks for your help and support.
Below is the task i have performed:-
I have disabled the QUIC protocol in the chrome browser then it is working as expected.
But i have large network in my environment, so i am not going through to disable the QUIC protocol in every system.
Solution:- I have gone through the below documents and deny the traffic of the QUIC application. now it is working as expected.
Now the problem is chrome is accepting the certificate, but I am not able some websites in the chrome browser.
Ex:- I have applied decryption only for youtube and NetFlix. but when I open Netflix it is working fine below is the screenshot for Netflix:-
But When I open youtube in chrome, getting the error. below is the screenshot.
I have changed certificates already with SHA 512 value but still issue persists.
Could you please help me with this.
Neither @BPry nor me @BPry are working for Paloaltonetworks. We use our free time to try to help here in the community. So if you cannot wait more than 3 hours (as you asked again for an update here 3 hours after your post with the cert warnings) you should contact official paloalto support.
Anyway, which certificate did you change to SHA512? Was it really the CA cert used for decryption? What key size did you configure for the dynamically created certificates? Could you show a screenshot of the cert?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!