https://live.paloaltonetworks.com/t5/general-topics/ssl-sever-certificat-can-t-be-verified/m-p/69541#M40328 <P>Hi,</P> <P>&nbsp;</P> <P>This issue is on a&nbsp;Palo-Alto PA-500.</P> <P>&nbsp;</P> <P>I've renewed my SSL certificate from my provider and updated it in the Palo-alto / Device / Certificates.</P> <P>&nbsp;</P> <P>It tells me that this certificate is valid.</P> <P>Ok. thanls.</P> <P>&nbsp;</P> <P>But now that the date it should have expire is gone, my Global Protect clients have an error about the certificate that tells them that it's no more valid.</P> <P>&nbsp;</P> <P>Where do I need to update the certificate, as I thought that it was stored on the Palo-Alto and&nbsp;checked&nbsp;by the client before any connection.</P> <P>&nbsp;</P> <P>If anybody have any clue on how it worked, that would be nice to share.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thank you.</P> Wed, 16 Dec 2015 15:08:03 GMT fcorvaisier 2015-12-16T15:08:03Z https://live.paloaltonetworks.com/t5/general-topics/ssl-sever-certificat-can-t-be-verified/m-p/69541#M40328 <P>Hi,</P> <P>&nbsp;</P> <P>This issue is on a&nbsp;Palo-Alto PA-500.</P> <P>&nbsp;</P> <P>I've renewed my SSL certificate from my provider and updated it in the Palo-alto / Device / Certificates.</P> <P>&nbsp;</P> <P>It tells me that this certificate is valid.</P> <P>Ok. thanls.</P> <P>&nbsp;</P> <P>But now that the date it should have expire is gone, my Global Protect clients have an error about the certificate that tells them that it's no more valid.</P> <P>&nbsp;</P> <P>Where do I need to update the certificate, as I thought that it was stored on the Palo-Alto and&nbsp;checked&nbsp;by the client before any connection.</P> <P>&nbsp;</P> <P>If anybody have any clue on how it worked, that would be nice to share.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thank you.</P> Wed, 16 Dec 2015 15:08:03 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-sever-certificat-can-t-be-verified/m-p/69541#M40328 fcorvaisier 2015-12-16T15:08:03Z https://live.paloaltonetworks.com/t5/general-topics/ssl-sever-certificat-can-t-be-verified/m-p/69550#M40332 <P>When you installed the updated cert, did you install the full chain (cert + intermediate) as per this article:</P> <P><A href="https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Install-a-Chained-Certificate-Signed-by-a-Public-CA/ta-p/55523" target="_blank">https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Install-a-Chained-Certificate-Signed-by-a-Public-CA/ta-p/55523</A></P> <P>&nbsp;</P> <P>If not, that's the most likely cause. The cert must be installed with the chain, or else all your clients must already trust the intermediate CA (or multiple intermediate CAs, if needed).&nbsp;</P> <P>&nbsp;</P> <P>If you did just the server certificate itself and not the full chain, try doing the chain install to see if that solves it for you.</P> <P>&nbsp;</P> <P>Cheers,</P> <P>Greg</P> Wed, 16 Dec 2015 17:54:00 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-sever-certificat-can-t-be-verified/m-p/69550#M40332 gwesson 2015-12-16T17:54:00Z https://live.paloaltonetworks.com/t5/general-topics/ssl-sever-certificat-can-t-be-verified/m-p/69728#M40373 <P>Hi,</P> <P>I've added the certfile then the intermediate file, but it didn't resolve so I tried to add a file with cert+interm. but it didn"t change anything.</P> <P>&nbsp;</P> <P>The&nbsp;state is still "valid" on the PA but the client still have a message about the validity of the certificate.</P> <P>&nbsp;</P> <P>Should I try to revoke the certificate on the PA and import it again ?</P> Tue, 22 Dec 2015 08:47:11 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-sever-certificat-can-t-be-verified/m-p/69728#M40373 fcorvaisier 2015-12-22T08:47:11Z https://live.paloaltonetworks.com/t5/general-topics/ssl-sever-certificat-can-t-be-verified/m-p/69791#M40389 <P>Are you using the same certificate in the portal and the Gateway?</P> <P>&nbsp;</P> <P>Please verify if you are getting the same error when you trying to access the portal.</P> Wed, 23 Dec 2015 01:50:40 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-sever-certificat-can-t-be-verified/m-p/69791#M40389 amittal 2015-12-23T01:50:40Z