https://live.paloaltonetworks.com/t5/general-topics/global-protect-quot-server-certificate-verification-failed-quot/m-p/20440#M14907 <HTML><HEAD></HEAD><BODY><P>Network -&gt; Global Protect -&gt; Portals -&gt; &lt;profile name&gt; -&gt; Client Config -&gt; &lt;config name&gt; -&gt; Gateways -&gt; External Gateways -&gt; "Address" == &lt;FQDN&gt; &amp;&amp; != &lt;IP Address&gt;</P><P></P><P>Translation: Make sure that you use the Fully Qualified Domain Name (FQDN) in Gateway Certificate and NOT the IP address for the gateway in the "Address" field of External Gateways.</P><P></P><P>This is not totally obvious to me as "Address" usually means "IP Address" and "URL" or "FQDN" or "Domain" usually means the domain name of something.</P></BODY></HTML> Sun, 21 Apr 2013 19:43:17 GMT ManillaTechOps 2013-04-21T19:43:17Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-quot-server-certificate-verification-failed-quot/m-p/20439#M14906 <HTML><HEAD></HEAD><BODY><P>We are unable to get multiple gateways working correctly with Global Protect.&nbsp; When we have one portal and one gateway, clients are able to successfully connect and establish a VPN tunnel.&nbsp; With two gateways we get the following error from both the originally setup gateway and the gateway we are attempting to add: "Gateway x.x.x.x: Server Certificate Verification Failed" in the Global Protect Client -&gt; Status -&gt; Warnings/Errors dialogue.</P><P></P><P>Setup information:</P><P>Portal Hardware: PA-2050</P><P>Portal OS: 5.0.3</P><P></P><P>Gateway 1: Same as Portal above</P><P></P><P>Gateway 2 Hardware: PA-200</P><P>Gateway 2 OS: 5.0.3</P><P></P><P>Global Protect Portal License: YES</P><P>Global Protect Gateway 1 License: YES</P><P>Global Protect Gateway 2 License: YES</P><P></P><P>Certificate Authority Information:</P><P>Microsoft Server CA 2012</P><P>Portal - CSR issued to MS CA</P><P>Gateway 1 - CSR issued to MS CA</P><P>Gateway 2 - CSR issued to MS CA</P><P>Clients - Machine Certificate pre-installed via GPO from MS CA</P></BODY></HTML> Sun, 21 Apr 2013 19:23:14 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-quot-server-certificate-verification-failed-quot/m-p/20439#M14906 ManillaTechOps 2013-04-21T19:23:14Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-quot-server-certificate-verification-failed-quot/m-p/20440#M14907 <HTML><HEAD></HEAD><BODY><P>Network -&gt; Global Protect -&gt; Portals -&gt; &lt;profile name&gt; -&gt; Client Config -&gt; &lt;config name&gt; -&gt; Gateways -&gt; External Gateways -&gt; "Address" == &lt;FQDN&gt; &amp;&amp; != &lt;IP Address&gt;</P><P></P><P>Translation: Make sure that you use the Fully Qualified Domain Name (FQDN) in Gateway Certificate and NOT the IP address for the gateway in the "Address" field of External Gateways.</P><P></P><P>This is not totally obvious to me as "Address" usually means "IP Address" and "URL" or "FQDN" or "Domain" usually means the domain name of something.</P></BODY></HTML> Sun, 21 Apr 2013 19:43:17 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-quot-server-certificate-verification-failed-quot/m-p/20440#M14907 ManillaTechOps 2013-04-21T19:43:17Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-quot-server-certificate-verification-failed-quot/m-p/20441#M14908 <HTML><HEAD></HEAD><BODY><P>THANK YOU SO MUCH !</P><P></P><P>It was not obvious to me AT ALL. </P><P></P><P>If you buy a certificate and you don't want any errors and have the Portal and Gateway fully certified by the external CA it simply won't work!</P><P>I just spent exactly 2h and 28 minutes figuring out why the heck I continue to receive "Server certificate verification failed" error.</P><P></P><P>I even posted some screenshots here for help. </P><P>Then, I got to your post, changed the "ADDRESS" field which obviously is NOT address but FQDN and I'm in. </P><P>No Error, all connected just fine.</P><P></P><P>You should get like 5 starts for this hint.</P><P></P><P>Thanks a lot Manilla.</P><P>BR</P><P>Mariusz</P></BODY></HTML> Tue, 25 Nov 2014 22:30:33 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-quot-server-certificate-verification-failed-quot/m-p/20441#M14908 Mariusz.pianka 2014-11-25T22:30:33Z