12-05-2017 02:04 PM
Hi
Anyone run into an issue where the Client Certificate does not get presented to GP if it's in the Local Machine Store? I tried giving the user perm but this didn't fix it. Only way to resolve it is to move the cert to the user store, which I don't want to do.
Thanks
02-13-2019 04:09 PM
We generate machine certs and user certs, both scoped to specific AD groups. We use certs for more than just VPN so we have a need to deploy both.
02-13-2019 10:24 PM
I do not use pre logon, it doesn’t really suit our requirements.
I use both PKI and self signed.
PKI user certs go into user store for GlobalProtect.
PKI machine certs go into machine store for network access control.
Self signed certs are distributed to 3rd party support and non domain maccy stuff.....
One thing I have noticed is that our machine certs cannot be used for GP as the cert profile is looking for subject field and the machine certs do not contain this information. Perhaps that's your issue...
02-21-2019 09:58 AM
Just a follow up as I opened up a TAC case for this issue. It turns out that the version of PanOS we are on, 8.0.13, does not support SHA512, which is what our internal PKI CAs are hashed with.
08-19-2020 05:33 AM
Did you upgrade OS, just to know if that fixed your issue?
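To check a Windows client for the two certificate properties raised in the replies above (a missing Subject field and a SHA-512 signature), the following is an added example, not code from any poster or from Palo Alto Networks. The function name `Get-CertStoreAudit` is hypothetical; it only reads the certificate stores and also reports whether a private key is present, since a certificate without one cannot be used for client authentication.

```powershell
# Added example: list certificates in a store and flag the properties
# discussed in this thread. Read-only; run on the GlobalProtect client.
function Get-CertStoreAudit {
    param(
        # LocalMachine or CurrentUser, so both stores can be compared
        [ValidateSet('LocalMachine', 'CurrentUser')]
        [string]$StoreLocation = 'LocalMachine'
    )

    Get-ChildItem -Path "Cert:\$StoreLocation\My" | ForEach-Object {
        $cert   = $_
        $sigAlg = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha256RSA, sha512RSA

        $findings = @()
        if ([string]::IsNullOrWhiteSpace($cert.Subject)) {
            # A certificate profile that reads the Subject field has nothing to match
            $findings += 'empty Subject'
        }
        if ($sigAlg -like 'sha512*') {
            # The thread reports this as unsupported on the poster's 8.0.13 release
            $findings += 'SHA-512 signature'
        }
        if (-not $cert.HasPrivateKey) {
            $findings += 'no private key'
        }

        [pscustomobject]@{
            Store      = $StoreLocation
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            SigAlg     = $sigAlg
            NotAfter   = $cert.NotAfter
            Findings   = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

# Compare the machine store with the user store
Get-CertStoreAudit -StoreLocation LocalMachine | Format-List
Get-CertStoreAudit -StoreLocation CurrentUser  | Format-List
```

The signature algorithm shown is that of each listed certificate, as signed by its issuing CA; certificates signed with RSASSA-PSS report that name instead of the hash and need to be inspected separately.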