9
SSL Decryption Struggles
Post Body
I'm testing SSL decryption by applying a policy that only decrypts my traffic. I have my forward trust cert marked as such and is marked as a trusted CA. It has the certificate signing attribute.
SSL profile says min: tlsv2 max version: max. Only block expired certs and untrusted issuers selected.
I can only get to lesser known sites. I see my decrypt cert being presented on these sites and the site loads.
My theory is HSTS on sites like google might be breaking things but I can't figure out why. I can't get to google, reddit, or any well known sites with decryption enabled. Anyone see something like this?
Decryption logs shows "early close notify" error. Foward Trust Cert is installed in my root store.
PA-3410 running 10.2.3
Author
Account Strength
100%
Account Age
13 years
Verified Email
Yes
Verified Flair
No
Total Karma
33,847
Link Karma
9,606
Comment Karma
24,241
Profile updated: 1 week ago
Posts updated: 1 year ago
Subreddit
Post Details
We try to extract some basic information from the post title. This is not
always successful or accurate, please use your best judgement and compare
these values to the post title and body for confirmation.
- Posted
- 1 year ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/paloaltonet...