Printer Friendly Page

4.1 SSL Traffic


This activity results in an increase in production traffic visibility by decrypting traffic and applications that are still hidden by encryption.  This process is completed in a staged task sequence in order to ensure a smooth transition.


Tasks include: 

  • Determine the existence of a PKI environment
  • Create or attain a trusted Certificate Authority (CA)
  • Deploy CA on Palo Alto Networks Platforms that will be performing Decryption
  • Ensure CA is trusted by all endpoints
  • Ensure User-ID is enabled 
  • Create a phased rollout approach
  • Establish and create Processes to bypass Decryption when issues arise
  • Creation of SSL Decryption policy for agreed high risk categories
  • Creation of SSL Decryption Profile to handle exceptions 
  • Complete testing of SSL Decrypt policy for deployed Categories


Knowledge transfer to Customer for implementation of additional SSL Decryption categories beyond the initially defined categories



  • SSL Configuration Addendum added to As-Built document
  • Completed SSL Decryption Implementation Checklist


Consultant Collateral: 

  • SSL Decryption Best Practice
  • Transformation Services Playbook


Please see the Decryption Best Practices page to learn more.



Ask Questions Get Answers Join the Live Community
Version history
Revision #:
3 of 3
Last update:
‎07-02-2020 11:21 AM
Updated by: