So for about the last month (just before xmas) we seem to be having certificate errors for our wildcard cert. Its a wildcard purchased from instantSSL. (sectigo) when using it with global protect client.
It works fine on windows machines. Just seems to be chromebooks and phones. When you go to connect it prints the error "Gateway XXX: The server certificate is invalid. Please contact your IT administrator"
chromebook was restored to factory defaults. Global protect client is from the play store and is version 5.2.4-14 on my test device.
In the logs, i am able to see the following:
(1769)01/18 15:10:57:74295 - PanHttpsClient: 1738, found exception:javax.net.ssl.SSLHandshakeException: Certificate expired at Sat May 30 03:48:38 PDT 2020 (compared to Mon Jan 18 15:10:57 PST 2021)
(1769)01/18 15:10:57:74340 - PanHttpsClient: server cert error
However when i inspect the certificate on the website portal, it says valid till 2022 at a completely different date... So where does this panhttps certificate live? Is there multiple certificates? And also in the same log, it appears to be using this certificate with info as below, clearly valid...
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Not Before: Dec 4 00:00:00 2019 GMT
Not After : Mar 7 00:00:00 2022 GMT
Wow thanks man, yes that does explain it!
how to resolve though? Can i just install this on the server? i wont be able to update peoples personal phones obviously. Chromebooks i dont know...
"You may need to update any such systems to include more modern roots if it’s possible to do so."
Does it mean the clients need to be updated, or the palo alto firewall needs it?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!