- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-25-2024 04:39 AM
Hi Team,
Good day!
Global protect Android 13 version mobile users not connecting portal issue. Error shows "The network connection is unreachable, or the portal is unresponsive. Check the network connection and reconnect."
I have created self signed certificate and installed in the mobile but still same issue.following logs collected from Android mobile GP.log errors.
Note:its working IOS users and Android 12, 11 ,10versions
fingerprint=e2:f2:78:8a:de:bb:e7:54:c8:01:65:db:af:29:0f:c8:e5:5c:86:d7
(31135)01/25 14:20:49:44286 - checkServerTrusted: bVerifyServerCert true
(31135)01/25 14:20:49:44571 - checkServerTrusted: verify server cert now! certFilename=null, pass=xxx, revoke=true
(31135)01/25 14:20:49:44680 - verify it again CA file
(31135)01/25 14:20:49:46440 - checkServerTrustedAgainCAFile: TrustManager, size1
(31135)01/25 14:20:49:48474 - verified by system trusted credentials..
(31135)01/25 14:20:49:53441 - PanHttpsClient: 1738, found exception:javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007ad65a5fc8: Failure in SSL library, usually a protocol error
error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT (external/boringssl/src/ssl/ssl_cert.cc:605 0x7b5ae9511a:0x00000000)
(31135)01/25 14:20:49:53596 - PanHttpsClient: server cert error
(31135)01/25 14:20:49:53709 - (l6)JNI,31216,228,after JNIGetHttpResponse, ret=Valid(31135)01/21 14:20:49:53812 - (l5)JNI,31216,316,not handled, ret=error, javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007ad65a5fc8: Failure in SSL library, usually a protocol error
error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT (external/boringssl/src/ssl/ssl_cert.cc:605 0x7b5ae9511a:0x00000000), return NULL now
(31135)01/25 14:20:49:53908 - (l6)JNI,31216,7643,prelogin to portal result is
(null)
(31135)01/25 14:20:49:53955 - (l6)JNI,31216,7955,Failed to pre-login to the portal Ip address (public ip XX.Xx.Xx ) with return value 0(0).
(31135)01/25 14:20:49:54016 - (l6)JNI,31216,571,DestroyHTTPSession(31135)01/21 14:20:49:54056 - (l5)JNI,31216,10661,Portal config does not exist, try registry/plist
(31135)01/25 14:20:49:54130 - (l5)JNI,31216,8829,failed to retrieve value of the tag version.
(31135)01/25 14:20:49:54169 - (l5)JNI,31216,8844,Skip reading cached portal config.
(31135)01/25 14:20:49:54228 - (l6)JNI,31216,12503,No scep profile
(31135)01/25 14:20:49:54267 - (l6)JNI,31216,8860,portal status is Invalid portal.
08-20-2024 02:22 AM
This means that we need to create an child certificate under the parent one?
Yes, create a mycompanyROOTCA, and a mycompanyGLOBALPROTECT cert.
Do we need to install both Parent and Child Certificate on the android device?
No need to install, it can be pushed when connection to GP portal.
Or you can install ROOTCA on the android if you like.
11-19-2024 12:41 PM
Need to be on IOS version 11.1.x and then change teh TLS / SSL cert to read TLS version 1.3 and nt Max. There is a bug and it has been reported on it. Right now I am able to log in with the older IOS versions just not with the new version of Android IOS
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!