Global Protect with self-signed certificate

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect with self-signed certificate

L4 Transporter



We have configured GlobalProtect with a self-sign certificate working properly, but when we try to connect through global protect we always receive this advise about "this certificate is not valid...." and we have to accept it to continue. This message is quite annoying.

Is there any way to use a self-signed certificate without seeing this message???





L4 Transporter

Hi JC,


To avoid the certificate error when using Self signed certificate, at least you need to make sure that the "signing certificate" ie the self signed CA used to sign the portal and gateway cert  is downloaded and added in the Trusted Root CA store of the end user machines.


Though there can be more complications regarding certificates (like one mentioned in the DOC below) depending on exact implementation of the GP setup. It is difficult to conclude the reason without knowing the exact setup/config.


It would help if you could add the exact error message snapshot seen on the user machines and GP Agent and panOS version.




L5 Sessionator

Is the self singed certificate a CA cert or signed by a private CA?

  • 2 replies
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!