It has been years since I have done anything with Microsoft CA, so I am really struggling.

Here is the problem: when enabling URL filtering and blocking a certain site that has HTTP and HTTPS, the HTTP page will present the block page, but the HTTPS does not. I am not doing any SSL Decrypt. I want to in the future, but that requires certs too. I need to work on one thing at a time.

So here is the article I am trying to follow: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Serve-a-URL-Response-Page-Over-an-HTTPS-Session-Without/ta-p/55998

A certificate to be used for Forward Trust on the Palo Alto Networks device, where it is one of the following:

- A self-signed/self-generated certificate with which the box for "Certificate Authority" has been checked. Note: if using a self-signed/self-generated certificate it will be necessary to import this certificate into the client machine's certificate store to avoid unwanted browser certificate errors.
- An intermediate CA certificate installed on the Palo Alto Networks device which was generated by an organization's internal CA.

The first option requires me to give my self-signed cert to the Systems team and have them deploy it out via GP to all clients, and that could take a while. So I want the second option. My environment doesn't have an intermediate CA, just a Root CA, so I should be able to import that since all clients already have this cert.

What I can find is how to get the root CA cert on the Palo Alto. Do I need to do a CSR? I am unsure how to get the root cert with cert and key. I can export it out of my local domain machine, but there is not a key, so it's useless.

So when working with Palo Alto in an MS CA environment, are there more in-depth articles on how to perform some of these tasks?