Decryption Administration
  • Decryption Administration
  • Network Security Documentation
  • All Documentation
>
Troubleshoot Revoked Certificates (Strata Cloud Manager)
Focus
Download PDF
Focus
  1. Home
  2. Network Security
  4. Troubleshoot Decryption
  5. Troubleshoot Revoked Certificates
  6. Troubleshoot Revoked Certificates (Strata Cloud Manager)
Download PDF
Network Security

Troubleshoot Revoked Certificates (Strata Cloud Manager)

Table of Contents
  1. Enable certificate revocation checking if you haven’t already.
    1. Select Manage Device Settings Device SetupSetupSessionDecryption Settings.
    2. Enable both OCSP and CRL certificate checking.
      If you Block sessions on certificate status check timeout in the Forward Proxy Decryption profile and are concerned that 5 seconds is not enough time and may result in too many sessions blocked by timeouts, set the Receive Timeout (sec) to a longer amount of time.
  2. Filter the Decryption logs for certificate revocation errors.
    1. Select Incidents and Alerts Log Viewer and select Firewall/Decryption.
    2. In the search field, enter the following query: Error Message = ‘OCSP/CRL check: certificate revoked’
  3. (Optional) Double-check the certificate expiration date at the Qualys SSL Labs site.
    Enter the hostname of the server (Server Name Identification column of the Decryption log) in the Hostname field and Submit it to view certificate information for the host.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.