SSL is an acronym for Secure Sockets Layer, an encryption technology that was created by Netscape. SSL certificates create an encrypted connection between a web server and a web browser, allowing for private information to be transmitted without the problems of eavesdropping, data tampering, or message forgery.
Types of SSL certificates and where they are used on Palo Alto Networks:
Self-Signed
(PAN)
Public CA
issued
Wildcard
Subject alt
name
Sub ordinate CA
(internal source)
WebUI
X
X
X
X
Captive portal - transparent
X
Captive portal - redirect
X
X
X
X
SSL forward proxy (decryption out)
X
X
SSL inbound proxy (decryption in)
X
X
X
X
GlobalProtect - gateway, portal and client authentication
X
X
X
X
X
URL filtering override page
X
X
X
X
The following table provides a list of valuable resources on understanding and configuring SSL certificates:
Windows certificate authority delivers certificates that cannot be read by PAN-OS
Document
Note: If you have a suggestion for an article, video or discussion not included in this list please submit the content through the feedback column on the right and it will be added to the master list.
Browser certificate errors: Remember with SSL certificates, there are three things that are always checked inside of an SSL certificate:
Certificate name matching the FQDN or IP address
Is this from a Trusted CA?
Is the certificate expired?
If these items are OK, then the certificate should be fine.