Certificate error in Globalprotect app in Android

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Certificate error in Globalprotect app in Android

L0 Member

Hi,

I have created a Portal and gateway for globalpotect connections.

I have assigned a Wildcard certificates for the connection.

In all my computers and iOS devices the connection is perfect but in Android devices have the message "The server certificate is not valid."

Do you know what may be happening?

Thanks,

6 REPLIES 6

Cyber Elite
Cyber Elite

This would be a tough issue to explain.

 

It appears that Android does not trust the certificate or the trusted certificate that signed your cert.

I am presuming it wasa publicly signed cert, versus a wild card cert, signed by your internal/enterprise certificate authority.

 

As a test, I would recommend that you manually export the cert, from the firewall, and import into the Android device, as a trusted certificate.  Now, when the wildcard is presented by the portal or gateway, it would be accepted.

 

I just do not believe that the issue is a misconfiguration on the FW, because the error comes from Android OS.

Help the community: Like helpful comments and mark solutions

L4 Transporter

Hey @DptoInformatica, I know this is about 5 months old, but I was curious if you found a fix for this.

I think I found the issue and it is really straight forward.

 

Under the Portal Config, go to the Agent Tab, and ensure that the Trusted Root CA is there, AND Install in Local Certificate Store.

 

SteveCantwell_0-1585751063688.png

 

Steve

 

Help the community: Like helpful comments and mark solutions

Interesting.  We're using a cert signed by Digicert for our portal, so I had assumed this wasn't necessary.  I may have to give it a try though.  Thanks.

I validated that for samsung galaxy android devices, the gateway certificate needs to be installed locally in the user certificate store and installed for vpn and apps...hope this helps.

 

This goes for both publically and privately signed certificates for the gateway.  Only applies to the android client as far as i can tell.  Running client 5.1.1.

Hello I have the same problem with one customer of mine, he has a certificate signed by Digicert.

I have partially solved redirecting gateway requests  by android devices toward a Gateway with a self signed certificate and pushing the CA into the client. But now I have a new problem, all android devices are ok, but a few (not all) windows devices have certificate problem, it seems as some windows devices are seen as android devices.....  

  • 14331 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!