iPhone 11 iOS 14.1 Cert issue for global protect

Reply
Highlighted
L3 Networker

iPhone 11 iOS 14.1 Cert issue for global protect

I have been trying to get this to work for days not and I am not getting anywhere. I always seem to struggle with certs due to how they are chained. 

 

On my Palo I have a rootca (self-signed, certificate authority), intermediateca (issued by rootca, and also certificate authority), then I cut a cert called gp-cert (issued by intermediateca, non certificate authority). 

 

My cert profile includes the intermediateca and the SSL/TLS SP includes the gp-cert. 

 

I have downloaded the intermediateca cert without private key in PEM format and exported the gp-cert with private key in PSK12 format.

 

My DNS name for my gatway/portal lets say is vpn.company.com

 

vpn.company.com is the CN for the gp-cert

 

I upload these to my iPhone11 and when I attempt to connect I get an error:

 

Cannot verify server identity

There is a problem with the security certificate. The identity of vpn.company.com cannot be verified. 

 

My options are cancel or detail.

 

Detail gives me the certificate details and thats it. 

 

I always remember I could click continue when this happens so did something change in iOS or is this an issue with my certs and how I have them chained or exported, or even signed? 

 

 

Highlighted
L1 Bithead

Hello,

 

Please check if your certificate adheres to these requirements: https://support.apple.com/en-us/HT210176

 

- DM

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!