https://live.paloaltonetworks.com/t5/general-topics/tls-ssl-profile-for-portal-gateway-globalprotect-must-have-valid/m-p/158715#M51961 <P>I posted a question here in a config article.</P><P><A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/Certificate-config-for-GlobalProtect-SSL-TLS-Client-cert/tac-p/158713#M2099" target="_blank">https://live.paloaltonetworks.com/t5/Configuration-Articles/Certificate-config-for-GlobalProtect-SSL-TLS-Client-cert/tac-p/158713#M2099</A></P><P>&nbsp;</P><P>PORTAL just lets me hit 'accept' anyway.&nbsp; (of course.. as it's all self-signed..)</P><P>But GATEWAY won't let me continue ? Server certificate validation failed (again... makes sense.. cause it's self-signed.. but I would have thought I could continue anyway with a popup/trust me anyway prompt ?)</P><P>&nbsp;</P><P>Same TLS/SSL profile set for both GATEWAY + PORTAL.</P><P>Self-signed/created CA, and server cert signed by aforementioned CA cert.&nbsp; This server cert is what is referenced in the TLS/SSL profile.</P> Tue, 30 May 2017 17:06:33 GMT mpgioia 2017-05-30T17:06:33Z https://live.paloaltonetworks.com/t5/general-topics/tls-ssl-profile-for-portal-gateway-globalprotect-must-have-valid/m-p/158715#M51961 <P>I posted a question here in a config article.</P><P><A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/Certificate-config-for-GlobalProtect-SSL-TLS-Client-cert/tac-p/158713#M2099" target="_blank">https://live.paloaltonetworks.com/t5/Configuration-Articles/Certificate-config-for-GlobalProtect-SSL-TLS-Client-cert/tac-p/158713#M2099</A></P><P>&nbsp;</P><P>PORTAL just lets me hit 'accept' anyway.&nbsp; (of course.. as it's all self-signed..)</P><P>But GATEWAY won't let me continue ? Server certificate validation failed (again... makes sense.. cause it's self-signed.. but I would have thought I could continue anyway with a popup/trust me anyway prompt ?)</P><P>&nbsp;</P><P>Same TLS/SSL profile set for both GATEWAY + PORTAL.</P><P>Self-signed/created CA, and server cert signed by aforementioned CA cert.&nbsp; This server cert is what is referenced in the TLS/SSL profile.</P> Tue, 30 May 2017 17:06:33 GMT https://live.paloaltonetworks.com/t5/general-topics/tls-ssl-profile-for-portal-gateway-globalprotect-must-have-valid/m-p/158715#M51961 mpgioia 2017-05-30T17:06:33Z https://live.paloaltonetworks.com/t5/general-topics/tls-ssl-profile-for-portal-gateway-globalprotect-must-have-valid/m-p/158723#M51967 <P>Did you add your self signed root cert to the client configuration in global protect portal?</P><P><A href="https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/globalprotect-portals/define-the-globalprotect-agent-configurations#_43122" target="_blank">https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/globalprotect-portals/define-the-globalprotect-agent-configurations#_43122</A></P> Tue, 30 May 2017 18:05:14 GMT https://live.paloaltonetworks.com/t5/general-topics/tls-ssl-profile-for-portal-gateway-globalprotect-must-have-valid/m-p/158723#M51967 Remo 2017-05-30T18:05:14Z https://live.paloaltonetworks.com/t5/general-topics/tls-ssl-profile-for-portal-gateway-globalprotect-must-have-valid/m-p/158763#M51979 <P>That'd do it <span class="lia-unicode-emoji" title=":confused_face:">😕</span> <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Thanks.</P> Wed, 31 May 2017 06:03:38 GMT https://live.paloaltonetworks.com/t5/general-topics/tls-ssl-profile-for-portal-gateway-globalprotect-must-have-valid/m-p/158763#M51979 mpgioia 2017-05-31T06:03:38Z