For details on cookie usage on our site, read our Privacy Policy
SSL Certificate for Global Connect
- LIVEcommunity
- Discussions
- General Topics
- SSL Certificate for Global Connect
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
SSL Certificate for Global Connect
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-10-2019 01:04 AM
Hi All,
I have a users who plan to connect their phones (To use a soft phone app for the PABX) and laptops to the internal network from outside, i have setup the global connect gateway and portal and tried to use self signed cert but it is not working, now i need to use a CA to generate a signed certificate and i have two questions:
1. Which CA do you recommend if you have do this before?
2. Should i have root and identity certificates?
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-11-2019 03:00 PM
Where are you using the self-signed cert? For what function?
Popular public CAs are Comodo, Digicert and Godaddy. Any of these should already be included as a trusted root cert authority on your endpoints.
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-13-2019 02:43 AM
I have tried to use self signed cert instead of using a signed one from a public CA, but the phones refused to connect.
What kind of certificates should i import? Root and Intermediate ? Does the public CA provide me the root and the intermediate certificates?
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-13-2019 08:44 AM
If it's self-signed by the PA, you would have to distribute the root cert from the PA to all of the phones. The problem is the phones don't trust the identity cert presented because they don't trust the CA that issued it.
Are the phones typical mobile phones? If you purchase a cert from a trusted authority, you shouldn't need to worry about distributing any root or intermediate certs to the phones. They should already have those in their trusted authority store.
Public CAs do have root and intermediate certs available for download so you can install them on devices/appliances that don't have built-in stores.
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-14-2019 05:28 AM
Thanks @rmfalconer yes the phones are cell phones (Samsung, iPhone...etc), i will use GoDaddy to generate my certificate.
Will Godaddy provide me with a root and intermediate certificates because they told me that they provide root certificate only? Do i need to import the root and the intermediate certificates to Paloalto firewall and what is the difference between root and intermediate ?
- Prisma SASE Mobile Users - Global Protect in GlobalProtect Discussions
- Mac devices unable to authenticate to Global Protect in GlobalProtect Discussions
- GlobalProtect certificate for IOS(apple) in GlobalProtect Discussions
- Panorama push errors None after upgrade in General Topics
- Azure SAML double windows to select account in GlobalProtect Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
