I'am setting up global protect. The customer has a global sign certificate to use with the Global Protect. But I have to select the root ca in the Global Protect configuration. On the website from Global sign I can copy the certificate but can I import this in some way on the Palo Alto?
Or how should I do this?
Certificates can be imported from WebUI under Device tab > Certificates > Import Certificate.
If it is a PEM file then would you would require a separate key file to be imported along with the certificate. If it is a PKC12 file and since the key is inbuilt, only certificate import in that aspect should suffice.
Please refer to the following document from page 18-21 for configuring certificates in Global Protect. The rest of the document also gives you a very good illustration of Global Protect's working and configuration.
If you want to import certificate to Palo Alto device you can go under Device -> Certificate, then at the bottom you have Import, go ahead and import the cert and use it for GP. Let us know if this is what you wanted to know.
Yes I know how to import it. But question is where I could find from GlobalSign the right formatted file to import. Because I need to configure the root CA in the portal client config. But without it I think the Global protect was working yesterday.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!