This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About muratahk
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About muratahk
08-18-2015
5Posts
0Likes
0Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by muratahk
| Subject | Views | Posted |
|---|---|---|
| 2565 | 05-29-2011 04:55 PM | |
| 2565 | 05-16-2011 06:09 PM | |
| 3151 | 05-15-2011 05:26 PM | |
| 2813 | 05-14-2011 05:26 AM | |
| 2386 | 05-10-2011 05:33 PM |
User Badges
Community Statistics
| Member Since | 05-09-2011 08:20 AM |
| Date Last Visited | 08-18-2015 09:07 AM |
| Posts | 5 |
05-29-2011
04:55 PM
I am using PA2050 PanOS4.02. I also want to know is the cert if being timeout or allowed. On OSCP responder log, I can check PA2050 queries and the response to PA2050 On PA2050, as the capture, it shows the cert has been revoked. (I cannot find log for good cert though, I don"t know if PA do not log good cert events or it cannot get response) However both good or revoked cert is not allowed if the "block timeout cert" is checked. And other reason I think all cert has been timeout is PA do retry every query 3 times. So the unknown area is: 1. It looks like PA2050 timeout all revoked and good cert, but interestingly it actuallly got response from OSCP responder which able to log a revoked cert events.
... View more
05-16-2011
06:09 PM
I checked on the log, the ocsp responder replied the cert is revoked. But seems PA ignore the reply and retry 3 times and timeout the cert. If I check block timeout cert, all cert will be blocked. If I uncheck block time cert, all cert will be allowed. I do not know why it timeout the cert while system log already set it get response from OCSP that the cert was revoked or Good. I think it is a bug.
... View more
05-15-2011
05:26 PM
I am not sure if it is related as I am using 4.0.2. I installed Client Cerfification Profile, but revoked certificate was treated as valid and allowing to login. OSCP responder is working.
... View more
05-14-2011
05:26 AM
I have set up Client Certification Profile, and use in SSL VPN. I tried to revoke a cert. Firefox already able to valid that cert is invalid but PaloAlto still allow that certificate, I was able to verify from my OSCP server that PaloAlto had a successful query to my server, but I dont know what it is still allowing that revoked cert in SSL VPN.
... View more
05-10-2011
05:33 PM
I found there is a Client Certificate Profile Option, but I search around seems no Document or Manual description how to use it. Can anyone help?
... View more
- Tags:
- vpn
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:07 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks