02-19-2019 05:43 PM
Hello,
I'm hoping someone can point out what I'm missing or doing wrong here.
I've got a client with a Palo Alto PA-200 firewall running PAN-OS 6.1.22. VPN is configured correctly --I can connect to it using the GlobalProtect app from both my laptop (Win10) and Android phone, but from the client's iPhone (iOS 10.3.3), all I get is an error stating that the certificate is invalid. I know iOS 10.3 removed the ability to manually bypass invalid certificate warnings so here's what I've tried so far:
1. On the Palo Alto, I exported the certificate (as a Base64 Encoded Certificate (PEM) from Device -> Certificate Management -> Certificates, emailed the certificate to the client's email address, access that email from the iPhone, and imported the certificate.
2. On the iPhone, went into Settings -> General -> About -> Certificate Trust Settings and enabled full trust for the root certificate. Certificate shows as green/verified.
3. On the iPhone, re-created the VPN connection profile and attempted to connect, but received same error stating that GlobalPRotect could not verify the identity of <VPN server IP address>.
The certificate shows as valid on the Palo Alto (i.e., not expired), so ... I know I'm missing something, but I'll be buggered if I know what it is. Any suggestions?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
