Hey All,

I am building integration between CS and an external Palo Alto Firewall device. The API calls to the PA device are done over HTTPS. In some cases (like testing or a POC), it makes sense to use a self-signed cert for this connection.

Currently I have a little HTTP client wrapper which allows the use of a self-signed cert. Obviously, I do not want to use the wrapper when a real cert is used.

What I am thinking of doing is adding a checkbox on the 'Add Palo Alto Device' configuration overlay with an option for 'Using a self signed cert'. If this checkbox is checked, then the HTTP client wrapper is used so the self-signed cert will not throw errors; if it is not checked, the HTTP client wrapper will not be used and errors will be thrown if the cert is not valid.

Is this a realistic approach to this problem? Is this problem handled in other parts of the system in a different way?

Thanks,

Will
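An added example, not part of the post above or of the project's code: one way the per-device checkbox could select the trust policy, where the checked case trusts only the certificate whose SHA-256 fingerprint was recorded for that device, and the unchecked case keeps stock validation. It goes beyond the wrapper the post describes. The class name `DeviceTlsPolicy`, the extra fingerprint field and the use of Java 17's `HexFormat` are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper: chooses the TLS trust policy for one firewall device.
public final class DeviceTlsPolicy {
    // selfSigned: the per-device checkbox. pinnedSha256Hex: assumed extra field holding
    // the SHA-256 of the device certificate (DER encoding) as 64 hex characters.
    public static SSLContext contextFor(boolean selfSigned, String pinnedSha256Hex) throws GeneralSecurityException {
        if (!selfSigned) {
            return SSLContext.getDefault(); // box unchecked: normal validation, invalid certs throw
        }
        if (pinnedSha256Hex == null || !pinnedSha256Hex.matches("[0-9a-fA-F]{64}")) {
            throw new IllegalArgumentException("self-signed device needs a SHA-256 fingerprint");
        }
        TrustManager pinned = new PinnedTrustManager(HexFormat.of().parseHex(pinnedSha256Hex));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { pinned }, null);
        return ctx;
    }

    // Accepts exactly one certificate: the one whose fingerprint was recorded for this device.
    private static final class PinnedTrustManager implements X509TrustManager {
        private final byte[] pin;
        PinnedTrustManager(byte[] pin) { this.pin = pin.clone(); }
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            if (chain == null || chain.length == 0) {
                throw new CertificateException("no server certificate presented");
            }
            chain[0].checkValidity(); // still reject expired or not-yet-valid certificates
            try {
                byte[] seen = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
                if (!MessageDigest.isEqual(seen, pin)) {
                    throw new CertificateException("device certificate does not match pinned fingerprint");
                }
            } catch (NoSuchAlgorithmException e) {
                throw new CertificateException(e);
            }
        }
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            throw new CertificateException("client certificates are not accepted here");
        }
        @Override
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }
}
```

Because the relaxed context is built per device, other HTTPS connections in the same process keep the default trust store.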