Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 229

While troubleshooting an SSL Forward Proxy decryption issue, which PAN-OS CLI command would you use to check the details of the end entity certificate that is signed by the Forward Trust Certificate or Forward Untrust Certificate?

Answer options

• A. show system setting ssl-decrypt certs
• B. show system setting ssl-decrypt certificate
• C. debug dataplane show ssl-decrypt ssl-stats
• D. show system setting ssl-decrypt certificate-cache

Correct answer: D

Explanation

The correct answer is D, as this command specifically retrieves information about the SSL decryption certificate cache, which includes details on end entity certificates. The other options do not provide the required details about the certificates used in the SSL Forward Proxy decryption process.