Your connection is not private (Privacy error)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Your connection is not private (Privacy error)

L2 Linker

i am going to access PA firewall on the browser or Global protect its shows Your connection is not private (Privacy error) then I m clicking on proceed to unsafe then it's showing the main page. how to resolve this.

 

 

 

security certificate does not specify

Proceed to  (unsafe)

1 accepted solution

Accepted Solutions

L4 Transporter

Hi

 

You'll need 2 certificates to be added to the firewall then attached to both services.

 

1. The management interface comes by default with a self-signed certificate, and this is the error you see from chrome - alerting you to this fact. As long as the management interface is strictly on the internal LAN only (without outside access) I think the GP certificate is more urgent. Also, sometimes a valid certificate cannot be used, for example company.com external domain and company.local internal domain. This depends on a few factors.

2. GlobalProtect is a remote VPN - this really should use a valid certificate, preferably one you purchase from an SSL certificate vendor just like certificates for any web site.

 

You import both under Device -> Certificate Management -> Certificates.

Then create certificate profiles (you probably have one for GP if it is already configured) in which you assign the certificate.

Lastly, for the management you assign the certificate profile under Device->Setup->Management->'SSL/TLS Service Profile'.

For the GP assuming you have a certificate profile already just make note of the current certificate used in the profile and switch to the newly imported one.

Finally commit.

 

Note: Please create a configuration snapshot for backup before you start: Device->Setup->Operations->'Save named configuration snapshot'.

 

Shai

 

 

View solution in original post

3 REPLIES 3

L4 Transporter

Hi

 

You'll need 2 certificates to be added to the firewall then attached to both services.

 

1. The management interface comes by default with a self-signed certificate, and this is the error you see from chrome - alerting you to this fact. As long as the management interface is strictly on the internal LAN only (without outside access) I think the GP certificate is more urgent. Also, sometimes a valid certificate cannot be used, for example company.com external domain and company.local internal domain. This depends on a few factors.

2. GlobalProtect is a remote VPN - this really should use a valid certificate, preferably one you purchase from an SSL certificate vendor just like certificates for any web site.

 

You import both under Device -> Certificate Management -> Certificates.

Then create certificate profiles (you probably have one for GP if it is already configured) in which you assign the certificate.

Lastly, for the management you assign the certificate profile under Device->Setup->Management->'SSL/TLS Service Profile'.

For the GP assuming you have a certificate profile already just make note of the current certificate used in the profile and switch to the newly imported one.

Finally commit.

 

Note: Please create a configuration snapshot for backup before you start: Device->Setup->Operations->'Save named configuration snapshot'.

 

Shai

 

 

I have SSL certificate and this is we used for the website. can I use this same SSL certificate for global protect?

Can you provide a clear solution as far as i can't solve the issue with this way if you post some picture from configuration will help us to resolve the issue.

Thank you

  • 1 accepted solution
  • 5051 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!