Certificate Login to WebGUI with IE displays Login Page when Firewall has an Underscore in FQDN

Printer Friendly Page

Issue

While using Certificate Authentication with Internet Explorer (up to IE10), logging into the Palo Alto Networks device WebGUI causes the login page to be displayed instead of showing the Web UI page.

Checking the device system logs show that the user login succeeded. Logging in with Mozilla Firefox and Google Chrome web browsers work as expected.

 

Cause

Internet Explorer is ignoring/dropping cookies for site names that contain an underscore character.

 

Example: The URI and certificate common name for the Web UI is:

adm_stage.example.com

 

Resolution

To resolve this issue, change the DNS from adm_stage.example.com to adm-stage.example.com and recreate the user certificate with the new DNS name. Additionally, configure the site under Internet Explorer "Compatibility View".

 

owner: dmaynard

 

Tags (6)
Comments

As per RFC1912, underscore character is not allowed in hostname record.

I have a customer experiencing the problem with IE11