I have a users who plan to connect their phones (To use a soft phone app for the PABX) and laptops to the internal network from outside, i have setup the global connect gateway and portal and tried to use self signed cert but it is not working, now i need to use a CA to generate a signed certificate and i have two questions:
1. Which CA do you recommend if you have do this before?
2. Should i have root and identity certificates?
If it's self-signed by the PA, you would have to distribute the root cert from the PA to all of the phones. The problem is the phones don't trust the identity cert presented because they don't trust the CA that issued it.
Are the phones typical mobile phones? If you purchase a cert from a trusted authority, you shouldn't need to worry about distributing any root or intermediate certs to the phones. They should already have those in their trusted authority store.
Public CAs do have root and intermediate certs available for download so you can install them on devices/appliances that don't have built-in stores.
Thanks @rmfalconer yes the phones are cell phones (Samsung, iPhone...etc), i will use GoDaddy to generate my certificate.
Will Godaddy provide me with a root and intermediate certificates because they told me that they provide root certificate only? Do i need to import the root and the intermediate certificates to Paloalto firewall and what is the difference between root and intermediate ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!