07-12-2023 05:26 AM
Dear all
I am trying to configure SSL inspection on a Palo Alto in AWS.
Despite the configuration with client certificate and device CA and SubCA is (as far as I can verify) the same as the one on the on-premises environment, I still get errors like.
Received a fatal warning CertificateUnknown from the client.
Received a fatal warning UnknownCA from the client
PanOS is 10.2.4-h2
still tried this but cannot be the solution (and it does not help at all)
Repair Incomplete Certificate Chains (paloaltonetworks.com)
on reddit is a similar article but following this,the issue should be solved with PanOS10.2.3
07-23-2023 11:21 AM - edited 07-23-2023 11:22 AM
Hello
Please double-check the imported certificate chain, including the client certificate and all necessary intermediate/subordinate CAs, to ensure proper SSL inspection configuration. Verify that the CA issuing the client certificate is trusted on the Palo Alto device.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
