Hi @Jafar_Hussain ,
Using certificated signed by public CA is probably the way to go (if you don't have internal PKI in your environment). So CSR signed by public CA will definitely solve your certificate warnings.
However the self-signed certificate should work, but the devil is in the details. I just noticed that the warning message from your original post is that the certificate common name is invalid, while you were looking at the CA (if the problem was with browser not trusting the self-signed CA, the warning would be "UNKNOWN_ISSUER". So it seem you probably have not one, but multiple issues.
There is no such think as "self-sign certificate from the firewall that is sometimes not trusted by the client machine" - it is either you have done something wrong, or you don't do something. If you still keen on understanding what is actually the problem:
1. Confirm your self-signed CA is installed in the trusted rot certificate authorities and certificate is listed as trusted when you view cert details
2. Confirm your both certs (GP and CA) are both with valid dates (start date is in the past and end date is in the future)
3. When opening the GP portal for address use what you have put in the certificate Common Name (CN). (common name invalid error could be caused by the fact that you are opening the page using the ip address in the browser, but the certificate to be configured with FQDN)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!