Palo Alto Networks Knowledgebase: Commit Error Received after Configuring SSL Decryption for Certificate Generation

Commit Error Received after Configuring SSL Decryption for Certificate Generation

6811
Created On 08/05/19 19:22 PM - Last Updated 08/05/19 19:48 PM
Resolution

Issue

After configuring SSL decryption, the commit fails after generating a certificate with the following error:  "Error:vys1 decryption: forward decrypt trust cert is not configured".

 

Cause

The commit fails because the SSL decryption requires a certificate for forward proxy.

 

Resolution

  1. Create a self generated certificate with 'Certificate Authority' checked, as shown below:


  2. Once generated, open the certificate (Device tab > Certificate Management > Certificates) and check two options:
    Forward Trust Certificate
    Forward Untrust Certificate


  3. After clicking OK, the certificate store should look like the following:
  4. The commit should now be successful.

 

owner: kadak



 Attachments
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clb7CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language