I'm trying to setup the Globalprotect VPN and have followed the (only partially helpful) GlobalProtect-Configuration-4.1.pdf to create certs and set everything up. When I try to connect to the portal site with my browser I get a certificate error - "Error code: sec_error_bad_signature".
It doesn't matter if I conect to the host name or the IP that I defined in the cert, I still get this error.
Does anyone know what the problem could be. Also, is there a way to actually see the certificates?
Thanks very much. I've been working away on this for hours before seeing you post. My last issue was the temptation to select a value for Client Certificate Profile in the Portal Config. Please also note that after I recreated all the certs and started again, I emptied my test client browser cache and purged the certs from the cert personal store.
Works nicely now with PA based CA cert.
Using GlobalProtect with an external CA could be documented better I suppose. The most common mistake is that the certificate that is issued by the external CA is not imported back into PANOS together with the corresponding private key and certificate chain. Usually you'd import it as a PKCS12 file.
@mwalter my initial problems were not with a third-party CA. I was using the PA as the CA exactly as per the instructions and it still didn't work, even after sitting down with an SE. It wasn't until we did the single cert solution as documented in this thread that we were able to get it working.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!