https://live.paloaltonetworks.com/t5/globalprotect-discussions/ubuntu-22-04-1-lts-vpn-not-able-to-connect/m-p/527287#M3593 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/257744">@Sudhir</a> ,</P> <P>The error message you receive says that your GlobalProtect agent, doesn't trust the SSL server certificate presented by your GP gateway.</P> <P>It is very likely you are using self-signed certificate on the FW for the GP gateway. This means that the CA (certificate authority) used to generate the server certificate used by the GP gateway is not public, or at least is not trusted by default by your Ubuntu client.</P> <P>&nbsp;</P> <P>To be honest I don't have lot of experience with GlobalProtect on Linux (actually non), so I am not sure what certificate store will GP use on Ubuntu. But after little googling , it seems you need to import the CA cert (only the cert, no need for key) that used to create server cert for the GP gateway to the Ubuntu client in the following steps:</P> <P>- import the CA in <CODE>/usr/local/share/ca-certificates</CODE>.</P> <P>- execute <CODE>update-ca-certificates</CODE> (you may need sudo for that)</P> <P>- above command should put the imported cert to the /etc/ssl/certs directory.</P> <P>After that you can try to reconnect to GlobalProtect</P> Mon, 16 Jan 2023 22:57:27 GMT aleksandar.astardzhiev 2023-01-16T22:57:27Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/ubuntu-22-04-1-lts-vpn-not-able-to-connect/m-p/521365#M3431 <P>I am trying to use Global Protect VPN on my Linux Machine (Ubuntu 22.04.1 LTS).<BR /><BR />But whenever I try to connect I get the following error:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MicrosoftTeams-image (8).png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/45361i177CAB37DBB8DC15/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="MicrosoftTeams-image (8).png" alt="MicrosoftTeams-image (8).png" /></span></P> <P> </P> <P>I am not able to understand what is the exact issue.</P> Wed, 16 Nov 2022 05:08:44 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/ubuntu-22-04-1-lts-vpn-not-able-to-connect/m-p/521365#M3431 Sudhir 2022-11-16T05:08:44Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/ubuntu-22-04-1-lts-vpn-not-able-to-connect/m-p/527287#M3593 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/257744">@Sudhir</a> ,</P> <P>The error message you receive says that your GlobalProtect agent, doesn't trust the SSL server certificate presented by your GP gateway.</P> <P>It is very likely you are using self-signed certificate on the FW for the GP gateway. This means that the CA (certificate authority) used to generate the server certificate used by the GP gateway is not public, or at least is not trusted by default by your Ubuntu client.</P> <P>&nbsp;</P> <P>To be honest I don't have lot of experience with GlobalProtect on Linux (actually non), so I am not sure what certificate store will GP use on Ubuntu. But after little googling , it seems you need to import the CA cert (only the cert, no need for key) that used to create server cert for the GP gateway to the Ubuntu client in the following steps:</P> <P>- import the CA in <CODE>/usr/local/share/ca-certificates</CODE>.</P> <P>- execute <CODE>update-ca-certificates</CODE> (you may need sudo for that)</P> <P>- above command should put the imported cert to the /etc/ssl/certs directory.</P> <P>After that you can try to reconnect to GlobalProtect</P> Mon, 16 Jan 2023 22:57:27 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/ubuntu-22-04-1-lts-vpn-not-able-to-connect/m-p/527287#M3593 aleksandar.astardzhiev 2023-01-16T22:57:27Z