Identify Untrusted CA Certificates (PAN-OS)


  1. Block sessions with untrusted issuers in the Forward Proxy Decryption profile.
    When you block sessions with untrusted issuers in the Decryption profile, the Decryption logs log the error.
    Select Objects > Decryption > Decryption Profiles. Then, select a profile to modify or create a new profile.
  2. Filter the log to identify sessions that failed due to revoked certificates using the query (error eq 'Untrusted issuer CA').
  3. (Optional) Double-check the certificate expiration date at the Qualys SSL Labs site.
    Enter the hostname of the server (Server Name Identification column of the Decryption log) in the Hostname field and Submit it to view certificate information for the host.
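
To decide which hostnames to check in step 3, the filtered sessions from step 2 can be summarized per server. The following is an added example, not Palo Alto Networks code: it assumes the Decryption log was exported to CSV, and the column name `Error` and the sample rows are assumptions to adjust to your own export.

```python
import csv
import io
from collections import Counter

# Constructed sample of a Decryption log CSV export. Rows, addresses and the
# "Error" column name are assumptions; match them to your export's header row.
SAMPLE_EXPORT = """\
Receive Time,Source address,Server Name Identification,Error
2024/05/01 10:02:11,10.1.1.20,intranet.example.test,Untrusted issuer CA
2024/05/01 10:02:40,10.1.1.21,intranet.example.test,Untrusted issuer CA
2024/05/01 10:03:05,10.1.1.20,shop.example.test,some other error
2024/05/01 10:04:17,10.1.1.35,,Untrusted issuer CA
2024/05/01 10:05:52,10.1.1.22,Build.Example.Test.,untrusted issuer ca
"""

ERROR_TEXT = "Untrusted issuer CA"         # value from the log filter in step 2
SNI_COLUMN = "Server Name Identification"  # column named in step 3
ERROR_COLUMN = "Error"                     # assumed column name


def untrusted_issuer_hosts(csv_text):
    """Return [(hostname, session_count)] for untrusted-issuer failures,
    most frequent first. Sessions without an SNI are grouped as "(no SNI)"."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Compare case-insensitively so export formatting does not hide rows.
        if (row.get(ERROR_COLUMN) or "").strip().lower() != ERROR_TEXT.lower():
            continue
        # Normalise case and a trailing dot so one server is counted once.
        host = (row.get(SNI_COLUMN) or "").strip().lower().rstrip(".")
        counts[host or "(no SNI)"] += 1
    # Sort by descending count, then by name for a stable order.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for host, n in untrusted_issuer_hosts(SAMPLE_EXPORT):
        print(f"{n:4d}  {host}")
```

Sessions grouped under "(no SNI)" have no hostname to submit in step 3 and need to be followed up by another field of the log entry.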