Hi Andre, Firstly thanks for the config guide, but unfortunately it doesn't work for me in my scenario. We don't use AD or windows so I can't push out certificates using GPO. We are linux/Mac based and rely on users clicking the right option when their browser prompts them to accept a certificate. In the facebook case above the browser does not load the s-static.ak.fbcdn.net certificate. I need to manually load this into the browser on my test machine for https facebook to work. I have tried other SSL sites, (gmail,hotmail,yahoo) these exhibit the same issue where the site doesn't trust the CA on the palo alto and doesn't load some certificates. This causes various parts of these sites to break.
... View more