WildFire 注册未能验证x509证书从ctx

WildFire 注册未能验证x509证书从ctx

22003
Created On 04/29/19 16:11 PM - Last Modified 03/26/21 17:39 PM


Symptom


WildFire 注册失败与以下错误在mp/瓦尔克夫尔.log:
admin@PA-VM> tail follow yes mp-log varrcvr.log
2019-04-13 02:15:34.043 -0600 Error: verify_cb(pan_ssl_curl_utils.c:630): Basic Validation of x509 cert Fail ; Code : 19
2019-04-13 02:15:34.043 -0600 Error: verify_cb(pan_ssl_curl_utils.c:633): Issuer = /CN=FN-W-MCCA-CA
2019-04-13 02:15:34.043 -0600 Error: verify_cb(pan_ssl_curl_utils.c:636): Subject = /CN=FN-W-MCCA-CA
2019-04-13 02:15:34.043 -0600 Error: verify_cb(pan_ssl_curl_utils.c:639): Failed to validate x509 cert from ctx: (19) self signed certificate in certificate chain

Cause


当上游设备解密(通常是或 firewall 代理)连接到时,就会发生此错误 WildFire 。 SSL帕洛阿尔托的 "解密排除" 列表有* wildfire . .默认情况下添加 paloaltonetworks.com 以避免解密通信到 WildFire 帕洛阿尔托网络 firewall 进行解密时。
用户添加的图像

Resolution


添加 。 wildfire 。 。paloaltonetworks.com SSL 上游设备的解密排除列表中来解决问题。
 

Additional Information


有关解密内容的其他信息,请查看本文 pan-os :https://docs.paloaltonetworks.com//8-1/-admin/decryption/decryption-exclusions.html pan-os

Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLqzCAG&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language