08-24-2021 10:48 PM
The global protect was able to connect to all of the gateways. Since last week the global protect is showing error "The server certificate is invalid. Please contact your IT administrator"
However, when i'm switching to a different ISP provider i'm able to connect to the same gateways.
Global protect - 5.2.6
PAN-OS - 9.1.8
08-24-2021 11:22 PM
Hi @BipinK
The error ideally refers to that there is something wrong with the certificate which is received, for example, the FQDN/IP which GlobalProtect is connecting is not reflecting under the SAN/Common Name, expired certificate etc.
Would mind taking a packet capture to check what certificate is offered in the SSL handshake? Has the different ISP test been tried from the same machine?
Just for a sanity check, have you confirmed that there is no decryption taking place between the client and the GP Portal?
08-25-2021 05:24 AM
This error indicates there is a problem with the server certificate due to the following reasons: The server certificate is not valid. To resolve, go to Network > GlobalProtect > GlobalProtect > Gateways > General and select the gateway. There is a server certificate that became invalid or expired. regards aostv team
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
