Certificate error in Globalprotect app in Android

Reply
Highlighted
L0 Member

Certificate error in Globalprotect app in Android

Hi,

I have created a Portal and gateway for globalpotect connections.

I have assigned a Wildcard certificates for the connection.

In all my computers and iOS devices the connection is perfect but in Android devices have the message "The server certificate is not valid."

Do you know what may be happening?

Thanks,

Highlighted
L5 Sessionator

Re: Certificate error in Globalprotect app in Android

This would be a tough issue to explain.

 

It appears that Android does not trust the certificate or the trusted certificate that signed your cert.

I am presuming it wasa publicly signed cert, versus a wild card cert, signed by your internal/enterprise certificate authority.

 

As a test, I would recommend that you manually export the cert, from the firewall, and import into the Android device, as a trusted certificate.  Now, when the wildcard is presented by the portal or gateway, it would be accepted.

 

I just do not believe that the issue is a misconfiguration on the FW, because the error comes from Android OS.

Help the community: Like helpful comments and mark solutions
Highlighted
L3 Networker

Re: Certificate error in Globalprotect app in Android

Hey @DptoInformatica, I know this is about 5 months old, but I was curious if you found a fix for this.

Highlighted
L5 Sessionator

Re: Certificate error in Globalprotect app in Android

I think I found the issue and it is really straight forward.

 

Under the Portal Config, go to the Agent Tab, and ensure that the Trusted Root CA is there, AND Install in Local Certificate Store.

 

SteveCantwell_0-1585751063688.png

 

Steve

 

Help the community: Like helpful comments and mark solutions
Highlighted
L3 Networker

Re: Certificate error in Globalprotect app in Android

Interesting.  We're using a cert signed by Digicert for our portal, so I had assumed this wasn't necessary.  I may have to give it a try though.  Thanks.

Highlighted
L0 Member

Re: Certificate error in Globalprotect app in Android

I validated that for samsung galaxy android devices, the gateway certificate needs to be installed locally in the user certificate store and installed for vpn and apps...hope this helps.

 

This goes for both publically and privately signed certificates for the gateway.  Only applies to the android client as far as i can tell.  Running client 5.1.1.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!