PCNSE: Troubleshooting SSL Decryption Issues with PAN-OS CLI Command

Learn how to use the ‘show system setting ssl-decrypt certificate’ PAN-OS CLI command to troubleshoot SSL Decryption issues by checking the details of Forward Trust, Forward Untrust, and SSL Inbound Inspection certificates on Palo Alto Networks firewalls.

Question

When you troubleshoot an SSL Decryption issue, which PAN-OS CLI command do you use to check the details of the Forward Trust certificate, Forward Untrust certificate, and SSL Inbound Inspection certificate?

A. show system setting ssl-decrypt certs
B. show system setting ssl-decrypt certificate
C. debug dataplane show ssl-decrypt ssl-stats
D. show system setting ssl-decrypt certificate-cache

Answer

B. show system setting ssl-decrypt certificate

Explanation

This PAN-OS CLI command displays the details of the Forward Trust certificate, Forward Untrust certificate, and SSL Inbound Inspection certificate used for SSL Decryption on the Palo Alto Networks firewall.

The Forward Trust certificate is used to decrypt outbound SSL traffic, while the Forward Untrust certificate is used to re-encrypt decrypted traffic before forwarding it to the untrusted destination. The SSL Inbound Inspection certificate is used for inbound SSL traffic inspection.

By running this command, you can verify the validity, expiration dates, and other details of these certificates, which are crucial for proper SSL Decryption functionality. It helps troubleshoot issues related to expired or invalid certificates, which can cause SSL Decryption failures.
