Click on Certificate information and browse to Detail tab.
Click Copy to File to export this certificate out. This will launch the Certificate Export Wizard.
Select Base 64 (.CER)[PEM] as per following screenshot. Name it and save it on the PC. (saved a abcd.cer in test case)
Import this cert on the PAN: Device > Certificates > Import. Browse for where the cert is stored on the PC and select File format as Base64 Encoded Certificate(PEM) and click OK.
Once the cert is imported, click on the cert and select SSLExclude Certificate .
Once this is complete, browse to the site whose cert was imported onto the PAN and check the certificate presented. Even though this session is decrypted by the SSL Decryption policy, it shows the original issuer certificate not the cert proxied by the PAN. Thus, showing the session was excluded from being decrypted.