Global protect gateway error - Invalid cert

cancel
Showing results for 
Search instead for 
Did you mean: 

Global protect gateway error - Invalid cert

L0 Member

The global protect was able to connect to all of the gateways. Since last week the global protect is showing error "The server certificate is invalid. Please contact your IT administrator"

However, when i'm switching to a different ISP provider i'm able to connect to the same gateways.

 

Global protect - 5.2.6

PAN-OS - 9.1.8

2 REPLIES 2

L1 Bithead

Hi @BipinK 

The error ideally refers to that there is something wrong with the certificate which is received, for example, the FQDN/IP which GlobalProtect is connecting is not reflecting under the SAN/Common Name, expired certificate etc.
Would mind taking a packet capture to check what certificate is offered in the SSL handshake? Has the different ISP test been tried from the same machine?
Just for a sanity check, have you confirmed that there is no decryption taking place between the client and the GP Portal?

L0 Member

This error indicates there is a problem with the server certificate due to the following reasons: The server certificate is not valid. To resolve, go to Network > GlobalProtect > GlobalProtect > Gateways > General and select the gateway. There is a server certificate that became invalid or expired. regards aostv team

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!