It does, I've attached a screen shot of my config. The green is the self-signed, the blue is our root ca, and red is an intermediate that signed the cert that was deployed to the workstation.
In your GP portal configuration, do you have a certificate profile applied?
In the portal config I do not, but in the gateway I do. It is when I switch it from the prelogon-cert profile to the internal-PKI profile that I encounter the 'required client cert not found' error.
Do you have a way to distribute a cert to the user store? There could be a permission issue with accessing the computer cert store to verify the correct certificate.
I do not and would actually like to avoid that as I would prefer the machine certificate not follow the user, wherever they login.
Out of curiosity do you, or @MickBall, have pre-logon setup using certs auto-enrolled from AD; or are you using the SCEP functionality, or manually generating and importing certs?
We generate machine certs and user certs, both scoped to specific AD groups. We use certs for more than just VPN so we have a need to deploy both.
I do not use pre logon, it doesn’t really suit our requitements.
I use both pki and self signed.
pki user certs go into user store for globalprotect.
pki machine certs go into machine store for network access control.
self signed certs are distributed to 3rd party support and non domain maccy stuff.....
one thing i have noticed is that our machine certs cannot be used for gp as the cert profile is looking for subject field and the machine certs do not contain this information. Perhaps thats your issue...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!