For details on cookie usage on our site, read our Privacy Policy
GlobalProtect 5.0 for iOS 12 and User Certificates
- LIVEcommunity
- Discussions
- General Topics
- GlobalProtect 5.0 for iOS 12 and User Certificates
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-17-2018 02:43 PM
I have several customers (and my homelab) that leverage user certificates issued from Active Directory Certificate Authorities as a second authentication factor. Since upgrading to the new 5.0 client for iOS, the client errors out on connection to the portal, indicating that the required certificate cannot be found. If I attempt to connect to the same portal via the 4.1 client, it works flawlessly. Upgrading to iOS12 prevents me from using the 4.1 client, and I fear that many of my customers' users will upgrade their own devices to iOS12, not knowing the problems this may cause.
Is anyone else having problems with user certificates and the new 5.0 client?
Thanks!
Mark Rosenecker
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-17-2018 03:06 PM
This is expected, because of the way Apple changed the way certificates are handled in iOS 12 compared with 11 and older.
The new features guide talks about it under the "Authentication
The location of the certificates in iOS 11 is different than iOS 12, so you'll need to re-import the certs. The steps are different for admins who manage their devices with an MDM versus unmanaged devices.
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-17-2018 03:06 PM
This is expected, because of the way Apple changed the way certificates are handled in iOS 12 compared with 11 and older.
The new features guide talks about it under the "Authentication
The location of the certificates in iOS 11 is different than iOS 12, so you'll need to re-import the certs. The steps are different for admins who manage their devices with an MDM versus unmanaged devices.
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-17-2018 04:17 PM
For MDM based client certificate deployments, please refer to the following link for more details:
These changes were pre-announced in July 2018 on live articles and also as part of GP App 5.0 Beta program.
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-17-2018 07:07 PM
Thank you, gwesson! That was a very helpful post! I will re-import my certs and check again.
I had only become aware of the new client when the old client had an "update". When run on iOS 11, it exhibited the same problem (which makes sense, if it's looking in a non-existant location for the certs). I chalked it up to a .0 bug.
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-17-2018 07:14 PM
Sarao,
I appreciate your reply, but there are a few things:
1) I'm not using an MDM, so that portion is not applicable to me (or my customers).
2) I never saw any pre-announcement about GP 5.0, and I'm a platinum partner, a CNSE (before it was called PCNSE) since 2012, and multiple-PSE certified engineer. I was also at SKO a few weeks ago as well, and I didn't hear a thing about it. Granted, I don't spend my days whiling away on Live Communities...
3) I obviously wasn't part of the beta program (otherwise I'd have found this problem long ago and resolved it).
Perhaps I was reading too much into your reply (it is 10pm, and I've been up since 3am), but there was a condescending tone to it that I did not appreciate. If I am wrong, I am sorry for my misinterpretation. If I am right, please exhibit more tact in the future, when addressing other professionals.
Thank you!
- Always connect on logon in GlobalProtect Discussions
- GlobalProtect certificate for IOS(apple) in GlobalProtect Discussions
- Panorama push errors None after upgrade in General Topics
- Azure SAML double windows to select account in GlobalProtect Discussions
- GlobalProtect average bandwidth usage per user in GlobalProtect Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
