01-22-2021 11:24 AM
I'm trying to set up a GlobalProtect On-Demand environment.
The portal uses an LDAP server profile for authentication and has been validated to be working fine.
I intend to configure the gateway to use a combination of RADIUS and certificate profile to authenticate. I've confirmed that authentication works without the certificate profile.
My understanding is that certificate-based authentication for the "on-demand" mode works only if the certificates are user certificates (i.e. installed in the user store).
I've a PKI infrastructure in the environment that is pushing out certificates to the users. I do not intend to go down the SCEP configuration for this deployment.
So far I've not been successful with the certificate profile.
I'm greeted by the "Required client certificate not found" error.
I've tried to play with different options on the certificate profile like subject, subject alt-name, principal name, email, etc.
FYI... I have the PKI root CA and intermediate CAs already included in my certificate profile.
I wanted to know if anyone has this successfully working in this fashion using "On-demand" mode.
01-30-2021 10:35 PM