For details on cookie usage on our site, read our Privacy Policy
GlobalProtect On-Demand using authentication profile and user certificate from PKI on gateway
- LIVEcommunity
- Discussions
- Network Security
- GlobalProtect Discussions
- GlobalProtect On-Demand using authentication profile and user certificate from PKI on gateway
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-22-2021 11:24 AM
I'm trying to setup a GlobalProtect On-Demand environment.
The portal uses an LDAP server profile for authentication and has been validated to be working fine.
I intend to configure the gateway to use a combination of RADIUS and certificate profile to authenticate. I've confirmed that authentication works without the certificate profile.
My understanding is that certificate based authentication for the "on-demand" mode works only if the certificates are user certificates (i.e. installed in the user store).
I've a PKI infrastructure in the environment that is pushing out certificates to the users. I do not intend to go down the SCEP configuration for this deployment.
So far I've not been successful to get certificate profile.
I'm greeted by the "Required client certificate not found" error.
I've tried to play with different options on the certificate profile like subject, subject alt-name, principal name, email, etc.
FYI... I have the PKI root CA and intermediate CAs already included in my certificate profile.
I wanted to know if anyone has this successfully working in this fashion using "On-demand" mode.
- What certificate fields or options did you use?
- What certificate profile options did you leverage?
- Any interesting scenarios you ran in your deployment?
- GlobalProtect authentication with NPS Plugin to Azure MFA problems in GlobalProtect Discussions
- policy to only allow specific Host-ID auth thru GlobalProtect. in GlobalProtect Discussions
- Globalprotect Authentication Failure message occur in GlobalProtect Discussions
- Configure GlobalProtect Pre-Logon using SAML authentication with Azure MFA in GlobalProtect Discussions
- Issue using MFA in GlobalProtect ) in GlobalProtect Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
