Hi I don't run WIndows either, pure Mac based environment 🙂 Yes, you have to import the forward-trust CA certificate into the client browsers, there is no way around it. If you do so, all runs smoothly even on a Mac. If you go with two vert CAs (like in my guide), import both CAs into the clients browser And don't forget to use a forward-untrust vert (do NOT import it). Doing so should allow you to see the certificate chain of both working and not working SSL Sites. What I don't get: You say the Website does'n trust the Palo Alto CA? What do you mean by this? The PA behaves like a normal client to the original server, so it doesn't use any (of it's own) certificates. Andre
... View more