- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-11-2020 07:23 PM - edited 11-11-2020 08:12 PM
We got certificate tree like this:
the public certificate (Trusted root CA) from Digicert, Intermediate cert (Digi root) and then the SSL/TLS cert (DigiVPN). This DigiVPN is going to expire soon and we use it for GP portal and GW. The server cert is by itself and got a tick next to CA column. It is valid till 2023 and used as cert profile in GP.
Just want to know if DigiVPN certificate has to be installed on each client/end machines or only required to be updated/renewed on Panorama.
Thanks in advance.
11-12-2020 02:52 PM
Hello,
The certificate just needs to be trusted by the client machine. So as long as the client has a way to validate it, in this case reaching out to DIgiCert, you should be OK. Meaning you dont have to install it on every client. When it expires, just renew it and install it on the PAN and change the config on the PAN to use the new cert.
Hope that helps.
11-12-2020 02:52 PM
Hello,
The certificate just needs to be trusted by the client machine. So as long as the client has a way to validate it, in this case reaching out to DIgiCert, you should be OK. Meaning you dont have to install it on every client. When it expires, just renew it and install it on the PAN and change the config on the PAN to use the new cert.
Hope that helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!