Wrong Certificate used when SSL Decryption is enabled.

Wrong Certificate used when SSL Decryption is enabled.

9217
Created On 09/25/18 19:52 PM - Last Updated 02/18/20 23:08 PM


Symptom
Untrusted certificate is presented to users when performing SSL decryption instead of the trusted certificate.

Environment
  • Any NGFW
  • SSL Decryption
  • Any PAN-OS


Cause

This issue is likely caused by a problem loading certificates. Please examine the supervisor.log file vie the CLI with the following command:

> less mp-log supervisor.log
 

 

Look for errors similar to this:

mp\supervisor.log 04-30 17:17:19 Error: pan_ssl_load_tcas(pan_ssl.c:1555): 
an_ssl_load_ca_file() failed '/opt/pancfg/certificates/predefined/pan100.cer'
 
 


Resolution
  1. If certificate load errors are present, restart the firewall.

 

  1. If the issue persists, re-install the PAN-OS version, or contact support.

 

owner: bryan

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clg8CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language