A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?
A network administrator wants to use a certificate for the SSL/TLS Service Profile. Which type of certificate should the administrator use?
For an SSL/TLS Service Profile, the network administrator should use a server certificate. This type of certificate is specifically designed to establish the identity of a server in SSL/TLS communications, enabling secure and encrypted connections between clients and the server.
Should be B. server certificate Use only signed certificates, not CA certificates, in SSL/TLS service profiles. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/certificate-management/configure-an-ssltls-service-profile.html
Another wrong answer. Should be B, common sense.
It should be B
answer is B
Use only signed certificates, not CA certificates, in SSL/TLS service profiles.
I think it is C, as you need a CA cert (enterprise PKI or external CA), else you are going to get cert warnings on the clients when connecting. >>> You must set up the certificate and SSL/TLS Service Profile on the PAN-OS system before you can connect using Privileged Access Service. Once the PAN-OS system is configured, the same certificate must also be trusted in all connector systems that are connected to the PAN-OS system. In most cases, PAN-OS systems should use a certificate obtained from an Enterprise Certificate Authority (CA), or a trusted external CA, like VeriSign. Since the certificate is trusted already, it simplifies the certificate setup on connector systems. You can also export the certificate from the PAN-OS system and import it into all systems running the connector. Self-signed certificates should not be used in production environments. <<<
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-management/configure-an-ssltls-service-profile
It should be B as SSL/TLS Service Profile usually assigns to an IP which acts like a server, not client. it should not be a CA from official docs: Use only signed certificates, not CA certificates, in SSL/TLS service profiles.
Should be B
I think the grammar is the confusing bit. I see server certificates as what external servers send to the firewall to establish a session. In fact in the below link someone else provided, the PAN team referred to it as a SIGNED CERTIFICATE. As such if one were to go with the options presented from face value, you are almost forced to select option C, whereas the PAN team really should use better grammar and just say signed certificates which is option B. Good lord!! https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-management/configure-an-ssltls-service-profile
Server Certificate as it's a signed cert
B - server cert. Ask your PKI admin to provide one in order to have a properly signed/valid cert. :)
C In the client systems that request firewall services, the certificate trust list (CTL) must include the certificate authority (CA) certificate that issued the certificate specified in the SSL/TLS service profile. Otherwise, users will see a certificate error when requesting firewall services.
C certificate authority (CA) certificate https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-management/configure-an-ssltls-service-profile
Sorry correct Ans is B server cert : https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/device/device-certificate-management-ssltls-service-profile in client it should be C Ca cert. sorry for confusion
fomr it is B