This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Configuring GlobalProtect with Wildcard Certificate

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Configuring GlobalProtect with Wildcard Certificate

Bocsa
L3 Networker

‎01-08-2016 08:37 AM

Hi All,

I'm configuring GlobalProtect for the first time and would like to ask a few questions about using a Wildcard certificate to set this up. After going through the below document, I have some questions:

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Use-a-Wildcard-SSL-Certificate-with-...

 

1. The first steps says a Root CA should be created.Does this mean setting the 'Common name' as the wildcard domain name, 'Signed by' External Authority CSR and still ticking the 'Certificate Authority' checkbox (e.g image attached)?gp1.png

 

2. I would like the users to access Globalprotect using the address 'vpn.example.com'. If I configure this under the Certificate attributes, will this automatically map it to the Interface IP address I choose for my Gateway IP address?

 

Your contributions are appreciated.

 

 

2.

Labels:
0 Likes Likes
2 REPLIES 2

pankaku
L5 Sessionator

‎01-09-2016 04:34 AM - last edited on ‎04-28-2020 07:26 AM by Retired Member

1> If you are using a public certificate then yes. "https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Generate-a-CSR-Certificate-Signin..."

 

2> You have to have a entry in external dns server for mapping of vpn.example.com to the interface IP address.

0 Likes Likes

abjain
L4 Transporter

‎01-10-2016 06:25 PM

1. If you are using PA as the Certificate Authority (i.e using self signed certificate), then generate the Root certificate on the firewall (Signed by Field as Blank and Certificate Authority check box ticked). If you are using external CA, then Root CA certificate just needs to be imported on the firewall. In this step, you do NOT need any wildcards.

 

Only when you are generating certificates for portal or gateway, you have to use the wildcard in the common name (Step 2)

 

2. Certificate attributes will not map anything. They are static field in the certificate. If you want users to resolve vpn.example.com to your Interface IP address, that should be recorded on the DNS server.

 

 

0 Likes Likes
  • 12687 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks