Satellite Certificate Generation Failed

Satellite Certificate Generation Failed

19625
Created On 09/26/18 13:50 PM - Last Modified 10/05/23 04:15 AM


Symptom


GlobalProtect Satellite is unable to connect to the GlobalProtect Portal resulting in the Portal Status: 'invalid http response. return error(Satellite certificate generation failed)':

img1-edit.png

 

Environment


  • LSVPN

Resolution


From the WebGUI, go to the GlobalProtect Portal > Satellite Configuration and ensure that an 'Issuing Certificate' is present. If not present, add the issuing certificate and perform a commit.
 

Note: For satellites to connect to the gateway, a satellite certificate needs to be presented to the gateway in order for the gateway to authenticate the satellite. Hence, the portal needs to issue the satellite its 'satellite certificate' for which an Issuing Certificate is required to be configured on the portal as shown below:

img2-edit.png

 

On the GlobalProtect Portal, go to Device > Certificate Management > Certificates > Device Certificates to view the Satellite Certificate created by the Portal as shown below:

img3-edit.png

 

On the GlobalProtect Satellite, go to Network > IPSec Tunnels > GP-Satellite and click on 'Gateway Info' to verify for successful satellite connection to the gateway as shown below:

img4-edit.png

 

owner: gchandrasekaran
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsACAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language