This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Problem with Certificate install on Apple Silicon Laptops and the workaround I found.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Problem with Certificate install on Apple Silicon Laptops and the workaround I found.

Andrew_Wilson
L0 Member

‎07-21-2023 06:13 AM

Good Morning Folks,

 

I've run into an interesting issue. My ISP forced a change to the static IP for one of my sites with a PA-220 running 10.2.3-h2. This resulted in changes to both my public IP and my GP portal IP.  When I finished changing them, traffic was flowing, my site to site VPN tunnels were happy, and I tested GP portal on My Windows 11 laptop, a linux laptop, and an intel mac running Ventura. All 3 were able to connect after updating the portal IP, and then signing out and back in of the GP client (windows just needed you to hit the refresh connections from the hamburger menu and didn't require a full sign in/out). 

 

So I sent out an email directing my users to do the same. 

 

Shortly after, the tickets started coming from users with apple silicon processors (M1/M2) with OSX Ventura. They could not get connected to the new IP. Their connections to other sites were still working fine. 

 

The error message was: Gateway unavailable or unresponsive. Check the network connection and reconnect.

 

So I remote into one of their machines to rule out user error and it wasn't user error. 

 

I went to the web portal, had the user sign in, and downloaded the GP installer. Ran the uninstaller, reinstalled, and still had no luck. I noticed at this point that the newly downloaded installer didn't have the portal IP, and wasn't installing a new certificate to neither the user nor the system keychain, and wasn't removing the old cert. 

 

I ran the uninstaller again, manually deleted the GP certs, manually deleted the plists, and then reinstalled GP again. It was still unable to connect with the same error message. 

 

I went into the firewall for that site and changed the version of the GP client from 5.2.6 to 6.0.5, uninstalled the old client and installed the new client. During the installation there was a change. There was now an added dialog box requesting the users local password to make changes to the certificate store. After this installation the user was able to connect again without any errors. 

 

 

Thanks! Hope this can help someone else. 

0 Likes Likes
0 REPLIES 0
  • 814 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks