Our GP VPN Portal and Gateway certificate had expired recently. We created a new self-signed certificate on the Palo Alto firewall and mapped it to the GP VPN Portal and Gateway.
We are able to connect to the portal and gateway, and it is working fine for Windows and Android devices.
But when we try to connect to the GP Portal from an iOS device, we are successfully authenticated to the portal but are not able to connect to the gateway.
Checked the GP logs collected from the Apple iOS device and could see that the portal authentication succeeds and connects. The HIP report is also being sent by the iOS device, but the iOS device is not establishing connectivity to the gateway and shows the below error:
Checked some documentation and came to know that an iOS device will only establish connectivity with a server if the certificate meets some requirements set by Apple.
Ensure that the SSL cert has a SAN (Host Name in Certificate attributes) that matches the CN/FQDN. Make sure the cert follows Apple's requirements, including validity <= 825 days. Add the root certificate to the Apple device trust store (you can email yourself the root cert and open it on the iPhone to get it into your trust store via profiles). Then follow Abdul-Fattah's recommendation to trust the self-signed root.
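As an added example (not part of the thread, and not Palo Alto's or Apple's own tooling), the script below generates a self-signed server certificate with OpenSSL that satisfies the points in the answer above (a SAN that matches the CN, validity of at most 825 days) plus the other published Apple TLS requirements that commonly trip up self-signed certificates (a 2048-bit RSA key, a SHA-256 signature and the serverAuth extended key usage), then checks each property on the resulting file the way you would check a certificate before uploading it to the firewall. The hostname vpn.example.com is a constructed placeholder; `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original thread. Generates a self-signed
# certificate meeting the Apple TLS requirements discussed above and
# verifies them. GP_FQDN is an assumed placeholder hostname.

GP_FQDN="${GP_FQDN:-vpn.example.com}"   # constructed placeholder, not from the thread
WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Create key + certificate. Returns the certificate path on stdout.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 825 \
        -keyout "$WORKDIR/gp.key" -out "$WORKDIR/gp.crt" \
        -subj "/CN=$GP_FQDN" \
        -addext "subjectAltName=DNS:$GP_FQDN" \
        -addext "extendedKeyUsage=serverAuth" \
        -addext "keyUsage=digitalSignature,keyEncipherment" >/dev/null 2>&1 || return 1
    echo "$WORKDIR/gp.crt"
}

# 0 if the SAN extension carries the expected DNS name (the CN alone is not enough).
check_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# 0 if the certificate is currently valid AND its lifetime does not exceed 825 days.
# -checkend N exits 0 when the cert will still be valid N seconds from now, so a
# cert that is still valid 826 days out has a lifetime longer than Apple allows.
check_validity() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 1
    if openssl x509 -in "$1" -noout -checkend $((826 * 86400)) >/dev/null; then
        return 1
    fi
    return 0
}

# 0 if the key is 2048-bit RSA, the signature is SHA-256 and serverAuth EKU is set.
check_key_and_sig() {
    text=$(openssl x509 -in "$1" -noout -text)
    echo "$text" | grep -q "Public-Key: (2048 bit)" || return 1
    echo "$text" | grep -q "Signature Algorithm: sha256WithRSAEncryption" || return 1
    echo "$text" | grep -q "TLS Web Server Authentication" || return 1
    return 0
}

# Run every check against one certificate; 0 only if all pass.
check_all() {
    check_san "$1" "$2" && check_validity "$1" && check_key_and_sig "$1"
}

# Stand-alone usage: generate and report.
if [ -z "$GP_NO_MAIN" ]; then
    CRT=$(make_cert) && check_all "$CRT" "$GP_FQDN" \
        && echo "$CRT meets the iOS certificate requirements" \
        || echo "certificate does not meet the requirements"
fi
```

Run `check_all` against an existing certificate (for example the one exported from the firewall) to see which requirement a device is rejecting; each helper returns non-zero on exactly one failed property, so `check_san`, `check_validity` and `check_key_and_sig` can be called individually to narrow it down. The root that signed the certificate must still be installed and trusted on the iOS device as the answer describes; that part cannot be verified from the certificate file alone.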