Commit Warning: Recommended Block List Configured With No Certificate Profile
Created On 04/17/19 23:03 PM - Last Modified 01/22/24 03:03 AM
Symptom
Commit Warning: external dynamic list <xxx> recommended block list is configured with no certificate profile. Please select a certificate profile for performing server certificate validation.
Environment
- Any Firewall
Cause
The warning message is not an error, and the EDL should continue working as configured. The warning appears when the firewall does not have a certificate in the certificate profile under Server Authentication.
Resolution
STEP 1: Export the certificate from the URL server by going to the URL and clicking the lock in the address bar
– Click the arrow next to connection
– Click More Information
– Click View Certificate
– Click Details, then click the certificate (*.appspot.com) to highlight it, then click Export
– Save the certificate in X.509 Certificate (PEM) format
NOTE: Make sure to remove the asterisk when saving the file. The firewall will not accept a file with an asterisk or any symbol in front of the file name.
– Repeat steps 1-4 to obtain the intermediate certificate.
– Click Details, then click the intermediate certificate to highlight it, then click Export
– Save the file as X.509 Certificate (PEM)
STEP 2: Click Device > Certificate > Import to import certificate into the firewall
STEP 3: Click Device > Certificate Profile > Add to create a certificate profile
– Name the certificate profile
– Under CA certificates, click Add
– Under CA certificate, search for the certificate you imported to be used for the EDL
– Then click OK and click OK again
STEP 4: Click Object > External Dynamic List, select the EDL object, and add the certificate profile under Server Authentication > Certificate Profile
STEP 5: Commit changes
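
The files saved in STEP 1 can be checked before the import in STEP 2. The following is an added example, not part of the original article or any vendor tooling: it builds a file name without an asterisk or leading symbol and confirms the export is PEM holding a single certificate. The function names, the set of allowed file-name characters and the one-certificate-per-file rule are assumptions.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

# Constructed sample: placeholder DER bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"\x30\x82\x01\x0a" + bytes(266)).decode()
              + "-----END CERTIFICATE-----\n")


def safe_cert_filename(subject_name, suffix=".pem"):
    """Build a file name with no asterisk and no symbol in front (STEP 1 NOTE).

    Assumption: only letters, digits, '.', '-' and '_' are kept.
    """
    name = re.sub(r"[^A-Za-z0-9._-]", "", subject_name)  # drops '*', spaces
    name = re.sub(r"^[^A-Za-z0-9]+", "", name)           # no leading symbol
    if not name:
        raise ValueError("nothing left of %r after sanitizing" % subject_name)
    return name if name.lower().endswith(suffix) else name + suffix


def pem_certificates(text):
    """Return the DER bytes of every certificate block in a PEM export."""
    ders = []
    for body in PEM_RE.findall(text):
        der = base64.b64decode("".join(body.split()), validate=True)
        if der[:1] != b"\x30":  # an X.509 certificate is a DER SEQUENCE
            raise ValueError("block does not decode to a DER certificate")
        ders.append(der)
    return ders


def check_export(filename, text):
    """List problems to fix before importing the file in STEP 2."""
    problems = []
    if "*" in filename or not filename[:1].isalnum():
        problems.append("file name has an asterisk or leading symbol")
    try:
        count = len(pem_certificates(text))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        problems.append("not valid PEM: %s" % exc)
    else:
        if count != 1:  # assumption: leaf and intermediate are separate files
            problems.append("expected 1 certificate, found %d" % count)
    return problems
```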