iPhone 12 pro max iOS 14.3.2 Cert issue for global protect

cancel
Showing results for 
Search instead for 
Did you mean: 

iPhone 12 pro max iOS 14.3.2 Cert issue for global protect

L0 Member

I have been trying to get this to work for days not and I am not getting anywhere. I always seem to struggle with certs due to how they are chained.

On my Palo I have a rootca (self-signed, certificate authority), intermediateca (issued by rootca, and also certificate authority), then I cut a cert called gp-cert (issued by intermediateca, non certificate authority).

My cert profile includes the intermediateca and the SSL/TLS SP includes the gp-cert.

I have downloaded the intermediateca cert without private key in PEM format and exported the gp-cert with private key in PSK12 format.

My DNS name for my gatway/portal lets say is vpn.company.com

vpn.company.com is the CN for the gp-cert

I upload these to my iPhone11 and when I attempt to connect I get an error:

Cannot verify server identity

There is a problem with the security certificate. The identity of vpn.company.com cannot be verified.

My options are cancel or detail.

Detail gives me the certificate details and thats it.

I always remember I could click continue when this happens so did something change in iOS or is this an issue with my certs and how I have them chained or exported, or even signed?

Thank

1 ACCEPTED SOLUTION

Accepted Solutions

L3 Networker

Hi

 

Please verify that the certificates do not exceed 825 days validity (from not-before until not-after).

Reference:

https://support.apple.com/en-us/HT210176

 

Shai

View solution in original post

1 REPLY 1

L3 Networker

Hi

 

Please verify that the certificates do not exceed 825 days validity (from not-before until not-after).

Reference:

https://support.apple.com/en-us/HT210176

 

Shai

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!