topic Re: Trusted root CA on Global Protect Portal in General Topics

Trusted root CA on Global Protect Portal

mr.linus — Thu, 02 May 2013 09:35:09 GMT

Hi all,

My question is: what is this "trusted root CA" you can select under the portal configuration for Global Protect used for.

I get form the PA-help that you pass this certificate on to the client so the client will check the gateway server certificate if it was signed by this trusted root CA.

What is the use of that check?

If not supplied, could a connection be setup with another (false but valid) gateway certificate then the one selected under the network settings of the gateway configuration?

Tanx

Linus

Re: Trusted root CA on Global Protect Portal

gwesson — Thu, 02 May 2013 22:23:39 GMT

That section will send whichever root CAs you select to the client. When that client connects to the gateway, if the certificate used on that gateway is signed by that CA, the client will trust the certificate.

If you use a self-signed or in-house cert, this feature prevents the client from getting an 'untrusted issuer' prompt when connecting to that gateway. If you are using a public CA with your gateway, you won't need to use this feature.

Hope this helps!

Greg Wesson