
PAN-OS 7.0.2 SSL Decryption certificate untrust issues (No problem on 7.0.1)

L3 Networker

Yesterday I upgraded my PA VM-100 from panos-7.01 to 7.02.

After that, Facebook stopped working with SSL decryption on.

 

After some testing and troubleshooting this seems to be the problem.

The problem is that some Akamai domains that Facebook uses give me a Palo Alto certificate untrusted page.

For example, this domain: https://fbcdn-profile-a.akamaihd.net

 

The strange thing is all the certificates used by this domain are already in the PA trusted cert auth list.

Just to be sure, I downloaded the certs and added them manually to the PA, but no difference.

 

After spending 2 hours debugging and trying to get it to work,

Of course I can exclude those domains from decryption or let the PA ignore untrusted certs, but that's not the way to do it. I downgraded to panos 7.0.1 and the untrusted cert problem disappeared.

 

Are more people having this issue? I think there are more sites that stop working after the upgrade.

Has anyone found a solution?

 

 

 

 

 
