Palo Alto Networks Knowledgebase: Commit Error Received after Configuring SSL Decryption for Certificate Generation

Commit Error Received after Configuring SSL Decryption for Certificate Generation

2499
Created On 02/08/19 00:02 AM - Last Updated 02/08/19 00:02 AM
Resolution

Issue

After configuring SSL decryption, the commit fails after generating a certificate with the following error:  "Error:vys1 decryption: forward decrypt trust cert is not configured".

 

Cause

The commit fails because the SSL decryption requires a certificate for forward proxy.

 

Resolution

  1. Create a self generated certificate with 'Certificate Authority' checked, as shown below:


  2. Once generated, open the certificate (Device tab > Certificate Management > Certificates) and check two options:
    Forward Trust Certificate
    Forward Untrust Certificate


  3. After clicking OK, the certificate store should look like the following:
  4. The commit should now be successful.

 

owner: kadak



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clb7CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language