Hi, why does an EDL give me a commit warning, I specified the address as https anyway, if I made a cert profile, what certificate am I supposed to specify?
Hi. Just a question. Why do we have to download the root cert and configure a certificate profile that contains the root certificate? Why is it not possible that Palo connects to uptimerobot.com and gets a certificate back that will reveal the root certificate? Just trying to understand some basic things.
I'm guessing that would all require more cycles as the fw would need to go check the entire chain, plus then one mechanism would need to be used for public and another for private certificates
If you add a https EDL, you should add the root cert chain to a certificate profile so the edl knows where to check if the server can be trusted. It also allows you to setup ocsp/crl for the edl host
Hi. Just a question. Why do we have to download the root cert and configure a certificate profile that contains the root certificate? Why is it not possible that Palo connects to uptimerobot.com and gets a certificate back that will reveal the root certificate? Just trying to understand some basic things.
If you add a https EDL, you should add the root cert chain to a certificate profile so the edl knows where to check if the server can be trusted. It also allows you to setup ocsp/crl for the edl host