Install in local root certificate store

G.Grant — Thu, 20 May 2021 12:20:15 GMT

I'm testing this and have questions...

Where exactly is the root certificate stored on Windows and Mac when 'Install in local root certificate store' is selected under the agent configuration?

My understanding is that the firewall pushes the root-ca down to the client upon connecting. I can't see any new certificates added in Keychain on Mac or via mmc on Windows.

Also would this be considered a less secure option because you are pushing down a root certificate to the endpoint meaning that they only require a correct username and password to connect.

Re: Install in local root certificate store

BPry — Thu, 20 May 2021 12:55:14 GMT

@G.Grant,

On Windows this is stored under the user's certificate store under Trusted Root Certificates. On macOS you'll be able to find it under the System certificates in keychain.

@G.Grant wrote:
Also would this be considered a less secure option because you are pushing down a root certificate to the endpoint meaning that they only require a correct username and password to connect.

Are you using the certificates that you are trying to push as part of your authentication process, because if you are I wouldn't it. We push down our root and intermediate certificates so that users on a BYOD endpoint can navigate to any of our allowed internal resources without certificate errors and so they don't have to manually install our certs. You can have them connect to GlobalProtect and they're automatically ready to access internal websites ect.

topic Re: Install in local root certificate store in GlobalProtect Discussions

Install in local root certificate store

Re: Install in local root certificate store