I have created a Portal and gateway for globalpotect connections.
I have assigned a Wildcard certificates for the connection.
In all my computers and iOS devices the connection is perfect but in Android devices have the message "The server certificate is not valid."
Do you know what may be happening?
This would be a tough issue to explain.
It appears that Android does not trust the certificate or the trusted certificate that signed your cert.
I am presuming it wasa publicly signed cert, versus a wild card cert, signed by your internal/enterprise certificate authority.
As a test, I would recommend that you manually export the cert, from the firewall, and import into the Android device, as a trusted certificate. Now, when the wildcard is presented by the portal or gateway, it would be accepted.
I just do not believe that the issue is a misconfiguration on the FW, because the error comes from Android OS.
I think I found the issue and it is really straight forward.
Under the Portal Config, go to the Agent Tab, and ensure that the Trusted Root CA is there, AND Install in Local Certificate Store.
I validated that for samsung galaxy android devices, the gateway certificate needs to be installed locally in the user certificate store and installed for vpn and apps...hope this helps.
This goes for both publically and privately signed certificates for the gateway. Only applies to the android client as far as i can tell. Running client 5.1.1.
Hello I have the same problem with one customer of mine, he has a certificate signed by Digicert.
I have partially solved redirecting gateway requests by android devices toward a Gateway with a self signed certificate and pushing the CA into the client. But now I have a new problem, all android devices are ok, but a few (not all) windows devices have certificate problem, it seems as some windows devices are seen as android devices.....
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!