02-07-2020 11:46 AM
Dear All,
I have applied SSL forward decryption on my Palo Alto, and I observed that some traffic is decrypted and some traffic is not.
Example: I have applied the decryption to social-networking (Facebook traffic is decrypted but Snapchat traffic is not decrypted; however, both fall under the social-networking category).
Why this strange behaviour?
02-12-2020 07:41 AM
Hello,
Now the problem is that Chrome is accepting the certificate, but I am not able to open some websites in the Chrome browser.
Ex: I have applied decryption only for YouTube and Netflix. When I open Netflix it is working fine; below is the screenshot for Netflix:
But when I open YouTube in Chrome, I get the error. Below is the screenshot.
I have already changed the certificates with a SHA-512 value, but the issue still persists.
Could you please help me with this?
02-12-2020 12:30 PM
Neither @BPry nor me @BPry are working for Palo Alto Networks. We use our free time to try to help here in the community. So if you cannot wait more than 3 hours (as you asked again for an update here 3 hours after your post with the cert warnings), you should contact official Palo Alto support.
Anyway, which certificate did you change to SHA512? Was it really the CA cert used for decryption? What key size did you configure for the dynamically created certificates? Could you show a screenshot of the cert?
02-13-2020 04:47 AM
And you did configure this new CA cert as "Forward Trust Certificate"?
02-13-2020 04:48 AM
Yes, I configured as a forward trust cert.
02-13-2020 04:58 AM
Could you share the dynamically created cert (via export from the browser)?
Did you clear the local cert cache? Maybe the cert you see is still the one created with the old CA cert.
02-13-2020 05:02 AM
@vsys
I have performed this task:
1. Cleared the SSL state from the system.
Windows+R > inetcpl.cpl > Content > Clear SSL state > OK
2. Cleared browsing data.
Give me some time, I will share the certificate also.
02-16-2020 05:15 AM
I was talking about the cert cache on the firewall.
02-16-2020 05:22 AM
I have cleared the cache only from the system.
How do I clear it from the firewall? Will it impact running operations?