List of Domains and Applications Excluded from SSL Decryption

Resolution

Domains

There are a number of Domains/SSL Certificates that are excluded from SSL Decryption.

Starting with PAN-OS 8.0 and newer, the SSL exclusion is handled inside of the Certificates section of the WebUI.

To see the full list of domains/SSL certificates that are excluded from SSL Dectyption, Inside of the WebGUI > Device > Certificate Management > SSL Decryption Exclusion.

A screenshot of a computer AI-generated content may be incorrect.

The domains selected with the "Exclude from decryption" in this location will not be decrypted by the Palo Alto Networks device.

This list of domains are added the SSL Decryption Exclusion list in each Content load so that the SSL engine will allow them to pass through, rather than trying to decrypt them.