Who Me Too'd this topic

Who Me Too'd this topic

L2 Linker

Can not check Forward Trust Certificate

Hello. 

I'm having an issue with a setup of decryption.

 

we have a custoemr who wants decryption. and they also have an entreprise CA. 
to have the least user impact they wanted to use an entreprise signed certificate for their ssl forward trust. 

I created a certificate as explained on palo alto resources

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSxCAK

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/decryption/configure-ssl-forward-proxy

 

so far so good. 
I sent the csr to our customer. 

when I got it back( .cer) file I got an issue because it was not base 64 encoded. but could resolve it via this link:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGSCA0

 

 

afterwards I managed to get the certificate uploaded. 

however:

for the certificate the "key" checkbox is checked, but the "ca" checkbox is not. --> despite PA resources telling me it should be checked after the import(see first link step 3.4.d

when opening the certificate all options( ssl forward trust, untrust, etc are greyed out. the only option I can select is "certificate for secure syslog"

 

I'm starting to think the issue lies with the entreprise CA. or how teh certificate was signed. but wanted to make sure. perhaps someone on this forum knows more? 


Who Me Too'd this topic