In this case si B and D, it is uses the B the subordinate CA certificate to decrypt the traffic with our internal host, and the D the External CA certificate to decrypt the traffic with the server.
Sorry but the B only would be posible if we import the certificate in the web browser.
Why you guys are saying C is correct without knowing if the Self-signed CA is injected in the user's browser ? Because if it's not, the browser will show a warning.
As mentioned in: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy#idb39a2a9b-9c02-413b-ab1c-dc687b7bcb21
"This method (Self-signed Certificates) requires that you need to install the self-signed certificates on all of your network devices so that those devices recognize the firewall’s self-signed certificates. "
I'd say BD because the certificate forwarded in these both cases will be accepted by the browser as trusted.
C is correct if we know that the Self-signed CA was added to the user's browser.
I think it's C and D, based on link below. But I'm not sure. B also looks like an option.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy#idb39a2a9b-9c02-413b-ab1c-dc687b7bcb21
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Angelafp
2 weeks, 5 days agoMarshpillowz
8 months agoAndromeda1800
9 months, 3 weeks agoMcMarius11
11 months, 3 weeks agoHaillyHops
1 year, 2 months agoHaillyHops
1 year, 2 months agoMohamed_Waly
1 year, 2 months agoKnowledge33
1 year, 3 months agoabanaaba
1 year, 3 months agomercysayno765
1 year, 3 months agoKnowledge33
1 year, 3 months ago