This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About ksoni
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About ksoni
09-01-2022
6Posts
0Likes
0Solutions
Sep 01, 2022Last Visited
User
Activity
User
Profile
Latest posts by ksoni
| Subject | Views | Posted |
|---|---|---|
| 1379 | 04-12-2021 09:03 AM |
User Badges
Community Statistics
| Member Since | 04-16-2019 08:25 AM |
| Date Last Visited | 09-01-2022 07:16 AM |
| Posts | 6 |
04-12-2021
09:03 AM
Hello experts, We are trying to authenticate users connecting to GP via client certs, idea is to revoke client certs and thus prevent users from connecting to GP. Test user is still able to connect after certification has been revoked. Due to some reasons, OCSP has been disabled on the gateway, CRL does not contain revocation status, only delta CRL does, which is not supported by PAN-OS ref (tac case 01728222 ). In PANGPS following logs are seen: (T532)Info (5289): 02/05/21 15:23:47:711 cert 000001E403ACF4B0 verification result is 0x4 (T532)Info (5292): 02/05/21 15:23:47:711 cert 000001E403ACF4B0 failed revocation verificaiton (T532)Debug(5309): 02/05/21 15:23:47:711 Check certificate revocation returns FALSE Questions here are: 1> Does the above logs indicate that the GP agent has detected that the cert is expired or that the revocation check has failed. 2> Will the GP agent do a client cert validation prior to allowing the user to connect. or not. Thanks in advance!
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-01-2022
07:16 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks