IOS Global Protect APP - Required Client Certificate is not found

Reply
Highlighted
L1 Bithead

IOS Global Protect APP - Required Client Certificate is not found

Hi l am trying to configure the IOS App with our PA 2050 and l am getting the message :

Gateway " IP Address " : Required Client certificate is not found

I have installed a 30 Day Trial license of the Gateway to test this but still the same error message..  Do l need to import a security certificate to the IOS iphone ?

Thanks Simon


Accepted Solutions
Highlighted
L3 Networker

Hi,

Looks like the device does not have a client cert installed. Export the client cert with the private key, import it and install it on your client.

I suppose you have mentioned the Root CA correctly in the client cert profile ( The CA that was used to sign the server and client certs )

Deepak

View solution in original post


All Replies
Highlighted
L5 Sessionator

do you have client certificate configured under portal and a client certificate profile under gtwy

Highlighted
L7 Applicator

The certificate in the Global Protect Portal Configuration is the cert that the portal will give out to Clients. The Client Certificate Profile is what is telling the Global Protect that the Client Certificate is required for connection to Global Protect. Basically the Client Certificate Profile is another form of authentication to be used with or in place of the Authentication Profile. So, please verify client cert configuration under GP portal and client cert profile under the gateway.

Thanks

Subhankar

Highlighted
L1 Bithead

Under Portal l have got a client certificate configured, but under Global Protect Gateway, General,  there is no Client Certifcate option only Certificate Profile which l have configured aswell..

Anything else you want me to check or reconfigure ?

Highlighted
L3 Networker

Hi,

Looks like the device does not have a client cert installed. Export the client cert with the private key, import it and install it on your client.

I suppose you have mentioned the Root CA correctly in the client cert profile ( The CA that was used to sign the server and client certs )

Deepak

View solution in original post

Highlighted
L1 Bithead

Thanks importing the certificate to the phone and reconnecting has solved the problem..

:smileyhappy:

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!