How to Perform Client Certificate Install for SSL Decryption

Environment

• Palo Alto Firewall.

• Supported PAN-OS.

• SSL decryption configured

• Certificate installation on Windows Host.

Cause

 

Resolution

1. Export certificate from the Palo Alto Networks firewall

   1. Go to Device > Certificate Management > Certificates

   2. Under the Device Certificates tab, select the certificate to export

   3. Click the Export button
      

2. Install the certificate on the client system

   1. Double-click on the certificate

   2. Click Install Certificate to launch the Certificate Import Wizard
      

   3. On the Certificate Store page, check " Place all certificates in the following store "

      1. Note : When importing into the client browser, ensure that you add the certificate to the Trusted Root Certification Authorities certificate store. On Windows systems, the default import location is the Personal certificate store. See. Configure SSL Forward Proxy

   4. Click Browse and select " Trusted Root Certification Authorities "
      

   5. Click Next and then Finish

   6. Click Yes when the Security Warning appears
      

   7. Click OK on the success dialog
      

 

Verification

Chrome browser

1. Enter Settings page
   

2. Click " Show advanced settings …" at the bottom of the page

3. Scroll down to HTTPS/SSL and click " Manage certificates …"
   

4. Go to the Trusted Root Certification Authorities tab and verify the imported certificate
   

Internet Explorer browser

1. Bring up the Internet Options dialog

2. Go to the Content tab

3. Click Certificates

4. Go to the Trusted Root Certification Authorities tab and verify the imported certificate