I met the same issue, but found a problem in Network > Global Protect > Portals > GlobalProtect Portal Configuration > Agent > TrustedRoot CA. There was a certificate, whos CN duplicated the other one. But that certificate wasn't in the Certificates list in Certificates management.
Hope it will help somebody.
Hoping to revive this thread, I'm having the exact same issue.
Certificates visible with 'show sslmgr-store config-ca-certificate' and under 'Network > GlobalProtect > Portals' and under Agent Configuration and the Dropdown menu for Trusted Root CA. But nowhere else...
I've tried everything I can think of, the certificate is not available under the delete and debug commands, even in configuration mode.
I'm currently on release 9.0.x but I don't think this is associated with a particular release.
Did anyone find a solution for this?
I'm also having this problem but running version 8.1.14.
This problem started when a certificate expired. I selected the certificate and tried to renew it, but the firewall gave an error message saying that it could not read the certificate. I later made another certificate, with the intent of configuring it into the place of the expired certificate, with the same IP address. Just for fun, I tried renewing the certificate and it successfully renewed it.
I deleted the freshly created certificate that was still unused, but started receiving the error on commits. The certificate exists in some form in the GUI (provided for an option for GlobalProtect TrustedRootCA), but does not exist in Device > Certificate > Certificate management.
It exists in the CLI as well, but I'm unsure of the command to delete the certificate.
I had the exact same problem. It was a Wildcard certificate that for some reason was loaded 2 times (I think a browser error), I tried to delete the certificate from CLI since GUI did not see it, but this was not possible. From CLI I only got the name of the duplicate certificate and followed the instructions of the link:
You just have to be careful and now, it worked well for me.
I hope it helps. good day!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!