https://live.paloaltonetworks.com/t5/globalprotect-discussions/client-cert-usage-check-failed/m-p/589113#M5442 <P>So the issue was a user error. I created the cert via openssl but had not imported the private key into the store along with the cert. Doh!</P> Sat, 08 Jun 2024 20:13:04 GMT BBartik 2024-06-08T20:13:04Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/client-cert-usage-check-failed/m-p/589110#M5441 <P>I am testing client auth using certificates and the certificate is not being retrieved from the User store. It's Windows 11. The PanGPA.log file shows this error:</P> <P>&nbsp;</P> <P>(P23516-T9764)Debug(2744): 06/08/24 11:07:10:562 box return Valid client certificate is required, remove cache and close all handle now<BR />(P23516-T9764)Debug(5570): 06/08/24 11:07:10:562 we get cert error, so remove previousCertificate<BR />(P23516-T9764)Debug(5528): 06/08/24 11:07:10:562 send alive message now 2<BR />(P23516-T9764)Debug(5165): 06/08/24 11:07:10:562 client certificate error found: Client cert usage check failed</P> <P>&nbsp;</P> <P>My cert has the following extensions. Am I missing something else on this cert?</P> <P>&nbsp;</P> <P>X509v3 extensions:<BR />X509v3 Subject Alternative Name:<BR />email:aa@aaa.com<BR />X509v3 Extended Key Usage:<BR />TLS Web Client Authentication<BR />X509v3 Key Usage:<BR />Digital Signature, Key Encipherment</P> Sat, 08 Jun 2024 18:16:08 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/client-cert-usage-check-failed/m-p/589110#M5441 BBartik 2024-06-08T18:16:08Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/client-cert-usage-check-failed/m-p/589113#M5442 <P>So the issue was a user error. I created the cert via openssl but had not imported the private key into the store along with the cert. Doh!</P> Sat, 08 Jun 2024 20:13:04 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/client-cert-usage-check-failed/m-p/589113#M5442 BBartik 2024-06-08T20:13:04Z