topic Re: GlobalProtect -Select Certificate Error? in GlobalProtect Discussions

GlobalProtect -Select Certificate Error?

CheungRJ — Tue, 13 Jun 2023 14:19:09 GMT

Hello, I'm a help desktop tech. I have a user who is asking why he is receiving this error message. I'm not sure myself, can someone explain it to me. Thank you

Re: GlobalProtect -Select Certificate Error?

CheungRJ — Tue, 13 Jun 2023 14:21:07 GMT

Forgot to add, the user had the option to pick between two certificates, usually the user wouldn't have to pick.

Re: GlobalProtect -Select Certificate Error?

BPry — Tue, 13 Jun 2023 14:30:47 GMT

@CheungRJ,

The user has two matching certificates installed on the device for some reason. Without knowing anything about your environment the only thing we can tell you is that there's now two certificates matching the criteria GlobalProtect is looking for, and that this appears to be non-standard within your environment. Why that user has two nobody here could help you with.

You can prevent this by using custom certificates for GlobalProtect with a custom Extended Key Usage OID value specified in the certificate to have GlobalProtect automatically select the proper certificate when multiple certificates are present. Many environments will never configure this as having multiple matching certificates on a single device would be an extreme edge-case scenario and issuing out a dedicated certificate has additional overhead.

Re: GlobalProtect -Select Certificate Error?

Mick_Ball — Tue, 13 Jun 2023 17:05:54 GMT

As per BPry but are the certificate cn/subjalt the same.. perhaps you are using this in the GP portal app and GP is also detecting a cert in the computer personal store..