Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

certificate format from CA to clients and GP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

certificate format from CA to clients and GP

L4 Transporter

Hello Team

 

Our GP is running with users authenticating via AD account

 

Now we are rolling out Machine certificate via Group Policy from our Microsoft CA server to all the Domain clients

 

and then the goal is to enable certificate check in addition to AD authentication for Global protect corporate users

 

My question is when Microsoft CA issues certifciate , in which format they get stored on user machine - PKCS or pfix ; how to check ?

 

Do GP support all the formats ?    this is important because this is huge rollout of 1000 CLIENTS

2 REPLIES 2

Cyber Elite
Cyber Elite

@FWPalolearner,

As long as the certificate is imported into the machine store and GlobalProtect is configured to search the machine store this will work perfectly fine. Keep in mind that windows will generally keep anything with a private key in PFX format, but really all PFX means is that it's using PKCS#12. This is really easy to deploy, and as long as you have the certificate in the machine store and the firewall has a properly configured certificate profile assigned it'll "just work". 

 

The only gotcha that you should keep in mind with this change is that by default the agent option is set to search both the machine and user certificate stores. If you aren't setup to handle users will user certificates, you'll want to ensure that you have the agent configured to look solely at the machine store. 

@BPry  Thanks a lot .

 

Any way to check what is the format ?

I believe all certificates are X.509

 

these PKCS or PFX are file format

  • 2244 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!