topic Globalprotect with client certificate authentication on Linux (TPM support?) in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-with-client-certificate-authentication-on-linux/m-p/517924#M3289 <P>I'm currently using client certificates as authentication for windows clients.&nbsp;<BR />Our security team requires that the key is stored on TPM.</P> <P>As far as I can tell, RedHat supports storing keys on TPM as well&nbsp;<A href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/enhancing-security-with-the-kernel-integrity-subsystem_security-hardening#working-with-trusted-keys_enhancing-security-with-the-kernel-integrity-subsystem" target="_self">TPM RedHat</A>&nbsp;</P> <P>Does anyone know if Globalprotect supports using certificates where the key is stored on TPM?</P> <P>The current&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLMaCAO&amp;lang=en_US%E2%80%A9&amp;refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail" target="_self">Globalprotect linux</A>&nbsp;documentation, seem to just store the key and cert in /opt/paloaltonetworks/globalprotect</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 14 Oct 2022 08:28:10 GMT erikda 2022-10-14T08:28:10Z Globalprotect with client certificate authentication on Linux (TPM support?) https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-with-client-certificate-authentication-on-linux/m-p/517924#M3289 <P>I'm currently using client certificates as authentication for windows clients.&nbsp;<BR />Our security team requires that the key is stored on TPM.</P> <P>As far as I can tell, RedHat supports storing keys on TPM as well&nbsp;<A href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/enhancing-security-with-the-kernel-integrity-subsystem_security-hardening#working-with-trusted-keys_enhancing-security-with-the-kernel-integrity-subsystem" target="_self">TPM RedHat</A>&nbsp;</P> <P>Does anyone know if Globalprotect supports using certificates where the key is stored on TPM?</P> <P>The current&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLMaCAO&amp;lang=en_US%E2%80%A9&amp;refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail" target="_self">Globalprotect linux</A>&nbsp;documentation, seem to just store the key and cert in /opt/paloaltonetworks/globalprotect</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 14 Oct 2022 08:28:10 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-with-client-certificate-authentication-on-linux/m-p/517924#M3289 erikda 2022-10-14T08:28:10Z