cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Certificate error on GP access

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Jafar_Hussain
L4 Transporter
‎10-05-2020 03:42 AM
‎10-05-2020 03:42 AM

Certificate error on GP access

Dear Team,

 

I am facing the issue certificate error while accessing the GP portal. below is the screenshot.

 

Jafar_Hussain_0-1601894358196.png

Below is the troubleshooting steps:-

Generated a new self-signed certificate and apply in SSL/TLS.

Same certificate export and configure in the machine as well as browser.

Can anyone help me on this?

 

Clear the

0 Likes
Reply
reaper
L7 Applicator
‎10-05-2020 04:27 AM
‎10-05-2020 04:27 AM

You should generate a CA certificate and then create a new (second) certitfate signed by this CA that you can use for the portal/gateway.

Then export the CA certificate and import it into the trusted sroot signing certificates store of the user

Tom Piens - PANgurus.com
Like my answer? check out my book! amazon.com/dp/1789956374
0 Likes
Reply
Jafar_Hussain
L4 Transporter
‎10-05-2020 04:29 AM
‎10-05-2020 04:29 AM

@reaper 

The same i have tried but still the issue is the same.

0 Likes
Reply
SutareMayur
L6 Presenter
‎10-05-2020 05:11 AM
‎10-05-2020 05:11 AM

@Jafar_Hussain  ,

 

Please check if your SSL Certificate CN and portal URL/IP are matching? It should match.

Mayur S.
0 Likes
Reply
MP18
Cyber Elite
Cyber Elite
‎10-05-2020 05:12 AM
‎10-05-2020 05:12 AM

@Jafar_Hussain 

 

You need to make sure that when you create certificate then certificate attributes has  hostname  field filled with FQDN.

As Chrome browser gives untrusted warning if hostname is not their in Certificates attribute.

 

Regards

MP
0 Likes
Reply
Jafar_Hussain
L4 Transporter
‎10-05-2020 05:50 AM
‎10-05-2020 05:50 AM

@SutareMayur 

I have configured the URL for portal access it is matched.

0 Likes
Reply
Jafar_Hussain
L4 Transporter
‎10-05-2020 05:56 AM
‎10-05-2020 05:56 AM

@MP18 

I want to highlight some points here.

 

I have observed once i open the portal in edge and internet explorer it is working fine only for some machine.

When i open portal in chrome and firefox then i am getting error.

When i checked the certificate some time is showing certificate is OK.

 

When i click on root CA it is shwoing below error:-

 

Jafar_Hussain_0-1601902524939.png

 

0 Likes
Reply
BPry
Cyber Elite
Cyber Elite
‎10-05-2020 08:18 AM
‎10-05-2020 08:18 AM

@Jafar_Hussain,

So it would appear that you have some clients that are successfully getting the root CA installed via whatever method you've chosen, but then other machines aren't. You need to look into why some of the machines don't trust the root CA certificate you are using and address that issue. 

0 Likes
Reply
AlexanderAstardzhiev
L4 Transporter
‎10-06-2020 12:18 AM
‎10-06-2020 12:18 AM

Hi @Jafar_Hussain ,

 

As @BPry correctly pointed out it seems that the problematic machines doesn't have the root CA properly installed. Either it was not installed at all, or it was not installed under "Trusted Root Certificates". It is common mistake when the root CA was manually installed. During the cert installation wizard you can manually select under which section to install the certificate or let the wizard choose automatically for you. However for security reasons windows will never automatically put cert into trusted root certs.

 

Also have in mind that Chrome, Edge and IE are using Windows certificate store, but Firefox is using separate certificate store. So it is possible that all other browsers to work properly, but to receive cert warning from Firefox. In that case you need to install the root CA in Firefox cert store as well. 

0 Likes
Reply
Jafar_Hussain
L4 Transporter
‎10-18-2020 02:31 AM
‎10-18-2020 02:31 AM

@AlexanderAstardzhiev

@BPry 

 

Thanks for your email. As i explain i have configure only root CA with common name IP address and the same certificate installed in client machine trusted root certificate store.

However again i am getting the warning. the same i have checked with child certificate but not able to resolve my issue.

 

As per my understanding, this is a self-sign certificate from the firewall that is sometimes not trusted by the client machine so i think i need to generate CSR and sign by 3rd party which is already trusted by the client machine. i will import this certificate in firewall. might be it will fix the issue.

Share your openion.

 

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks