Trusted root CA on Global Protect Portal

L4 Transporter

Trusted root CA on Global Protect Portal

Hi all,

My question is: what is this "trusted root CA" you can select under the portal configuration for Global Protect used for.


I get form the PA-help that you pass this certificate on to the client so the client will check the gateway server certificate if it was signed by this trusted root CA.

What is the use of that check?

If not supplied, could a connection be setup with another (false but valid) gateway certificate then the one selected under the network settings of the gateway configuration?



L7 Applicator

Re: Trusted root CA on Global Protect Portal

That section will send whichever root CAs you select to the client. When that client connects to the gateway, if the certificate used on that gateway is signed by that CA, the client will trust the certificate.

If you use a self-signed or in-house cert, this feature prevents the client from getting an 'untrusted issuer' prompt when connecting to that gateway. If you are using a public CA with your gateway, you won't need to use this feature.

Hope this helps!

Greg Wesson

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!