Trying to setup new config for pre-logon, seems to be not working. I am getting machine certificate null error.
First i was using internal PKI but then i found this KB and i was hitting the same issue.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClR8CAK
I then tried to setup with self generated certs, while i have asked the system admin team to add subject info, but still having same issue.
Below are portal config screenshots, i don't know what i am missing. PANOS 9.0.8, GP 5.1.4
External Gateways in both agent configs point to same public fqdn/ip
I have also tried selecting both options below
Server Authentication below uses public cert, while certificate profile use self generated root CA on firewall.
Below are the local root CA and profile screenshots
Certificate imported in to personal store of local machine, generated on firewall.
On reinstall of Agent it asks to select certificate which is this that i select and get not authorized message.
Also imported root certificate from firewall in trusted certs.
@MP18 As per your suggestion i have made below changes. new root > inter > sever cert created
Included them in server profile used in Gateway authentication config tab
exported and imported rajv-test.xxx.yyy.ca from firewall into Windows local store.
reinstalled GP and tried connection, same result. Null with not authorized.
And this time i did not see any popup from GP for which cert to use from the local store.
Am i generating machine cert rajv-test right, do i need to include server-test cert somewhere.
