11-10-2019 01:04 AM
Hi All,
I have users who plan to connect their phones (to use a soft phone app for the PABX) and laptops to the internal network from outside. I have set up the global connect gateway and portal and tried to use a self-signed cert, but it is not working. Now I need to use a CA to generate a signed certificate, and I have two questions:
1. Which CA do you recommend, if you have done this before?
2. Should I have root and identity certificates?
11-11-2019 03:00 PM
Where are you using the self-signed cert? For what function?
Popular public CAs are Comodo, DigiCert and GoDaddy. Any of these should already be included as a trusted root cert authority on your endpoints.
11-13-2019 02:43 AM
I have tried to use a self-signed cert instead of using a signed one from a public CA, but the phones refused to connect.
What kind of certificates should I import? Root and intermediate? Does the public CA provide me the root and the intermediate certificates?
11-13-2019 08:44 AM
If it's self-signed by the PA, you would have to distribute the root cert from the PA to all of the phones. The problem is the phones don't trust the identity cert presented because they don't trust the CA that issued it.
Are the phones typical mobile phones? If you purchase a cert from a trusted authority, you shouldn't need to worry about distributing any root or intermediate certs to the phones. They should already have those in their trusted authority store.
Public CAs do have root and intermediate certs available for download so you can install them on devices/appliances that don't have built-in stores.
11-14-2019 05:28 AM
Thanks @rmfalconer, yes, the phones are cell phones (Samsung, iPhone, etc.). I will use GoDaddy to generate my certificate.
Will GoDaddy provide me with root and intermediate certificates? They told me that they provide the root certificate only. Do I need to import the root and the intermediate certificates to the Palo Alto firewall, and what is the difference between root and intermediate?
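Added example, not part of any poster's reply: the script below builds a throwaway root CA, intermediate CA and gateway certificate with `openssl`, then checks which trust-store combinations a client accepts. It illustrates the trust problem and the root/intermediate distinction discussed in this thread. All names and files are constructed for the lab, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Constructed lab PKI: root CA -> intermediate CA -> gateway certificate.
# All names (Lab Root CA, vpn.example.com, ...) are made up for this example.
build_pki() {  # $1 = empty working directory
  ( cd "$1" || exit 1
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:vpn.example.com
EOF
    new="openssl req -config pki.cnf -newkey rsa:2048 -nodes"
    sign="openssl x509 -req -extfile pki.cnf -CAcreateserial -days 30"
    # Root: self-signed; it must already be in the client's trust store.
    $new -x509 -extensions ca -days 30 -subj "/CN=Lab Root CA" -keyout root.key -out root.pem &&
    # Unrelated root: stands in for a phone's built-in store that lacks ours.
    $new -x509 -extensions ca -days 30 -subj "/CN=Other Root CA" -keyout other.key -out other.pem &&
    # Intermediate: signed by the root; it issues the gateway certificate.
    $new -new -subj "/CN=Lab Intermediate CA" -keyout int.key -out int.csr &&
    $sign -in int.csr -CA root.pem -CAkey root.key -extensions ca -out int.pem &&
    # Identity (leaf) certificate that the portal/gateway presents.
    $new -new -subj "/CN=vpn.example.com" -keyout leaf.key -out leaf.csr &&
    $sign -in leaf.csr -CA int.pem -CAkey int.key -extensions leaf -out leaf.pem
  ) >/dev/null 2>&1
}

# Does a client holding trust store $1 accept certificate $2?
# Optional $3 = intermediate certificate the server sends alongside its own.
client_accepts() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

d=$(mktemp -d) && build_pki "$d" || { echo "openssl failed" >&2; exit 1; }
for case in "root.pem int.pem" "root.pem" "other.pem int.pem"; do
  set -- $case
  client_accepts "$d/$1" "$d/leaf.pem" ${2:+"$d/$2"} && r=accepted || r=rejected
  echo "client trusts $1, server sends ${2:-no intermediate}: $r"
done
rm -rf "$d"
```

Only the first case is accepted: the client must trust the root, and the intermediate has to reach the client along with the identity certificate so it can build the path.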