10-08-2019 05:44 AM
Hi,
I have created a Portal and gateway for GlobalProtect connections.
I have assigned a wildcard certificate for the connection.
On all my computers and iOS devices the connection is perfect, but on Android devices I get the message "The server certificate is not valid."
Do you know what may be happening?
Thanks,
10-08-2019 06:54 PM
This would be a tough issue to explain.
It appears that Android does not trust the certificate or the trusted certificate that signed your cert.
I am presuming it was a publicly signed cert, versus a wildcard cert signed by your internal/enterprise certificate authority.
As a test, I would recommend that you manually export the cert, from the firewall, and import into the Android device, as a trusted certificate. Now, when the wildcard is presented by the portal or gateway, it would be accepted.
I just do not believe that the issue is a misconfiguration on the FW, because the error comes from Android OS.
03-31-2020 08:11 AM
Hey @DptoInformatica, I know this is about 5 months old, but I was curious if you found a fix for this.
04-01-2020 07:25 AM
I think I found the issue and it is really straightforward.
Under the Portal Config, go to the Agent Tab, and ensure that the Trusted Root CA is there, AND Install in Local Certificate Store.
Steve
04-03-2020 07:13 AM
Interesting. We're using a cert signed by Digicert for our portal, so I had assumed this wasn't necessary. I may have to give it a try though. Thanks.
04-15-2020 12:08 PM - edited 04-15-2020 12:10 PM
I validated that for Samsung Galaxy Android devices, the gateway certificate needs to be installed locally in the user certificate store and installed for VPN and apps... hope this helps.
This goes for both publicly and privately signed certificates for the gateway. Only applies to the Android client as far as I can tell. Running client 5.1.1.
06-08-2020 04:44 AM
Hello, I have the same problem with one customer of mine; he has a certificate signed by Digicert.
I have partially solved it by redirecting gateway requests from Android devices to a gateway with a self-signed certificate and pushing the CA to the client. But now I have a new problem: all Android devices are OK, but a few (not all) Windows devices have a certificate problem. It seems some Windows devices are seen as Android devices...