GlobalProtect iOS Certificate issue

Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect iOS Certificate issue

L2 Linker



  I’m in the middle of trying to make a gateway for iOS devices and I’m having an issue. I use MobileIron to push out the config and it uses an MI SCEP cert; I’ve added the MI SCEP CA to the PAN device and set it up as the auth profile. If I only do UN/PW I have no issue but as soon as I add cert requirement, the iPhone GP app has an error and if I check the PAN traffic log I see my phone IP traffic behind denied with a session end reason as “decrypt-cert-validation.”  Based on what I have been able to read, this might be due to a cert not being X509 compliant.


Can anyone help me understand what specifically is required in the cert or does anyone have any experience with this issue/config?


 Thanks in advance. 


L2 Linker


not sure if this is related to your issue but I had problems with iOS clients when the portal certificate was valid for more than one year.

I don't have the link at hand, but basically Apple doesn't accept any certificates with a validity longer than one year.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!