This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

server certificate is invalid on chromebooks and phones

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

server certificate is invalid on chromebooks and phones

CertInvalid
L0 Member

‎01-18-2021 03:35 PM

So for about the last month (just before xmas) we seem to be having certificate errors for our wildcard cert. Its a wildcard purchased from instantSSL. (sectigo) when using it with global protect client.

 

It works fine on windows machines. Just seems to be chromebooks and phones. When you go to connect it prints the error "Gateway XXX: The server certificate is invalid. Please contact your IT administrator"

 

chromebook was restored to factory defaults. Global protect client is from the play store and is version 5.2.4-14 on my test device.

 

In the logs, i am able to see the following:

 

(1769)01/18 15:10:57:74295 - PanHttpsClient: 1738, found exception:javax.net.ssl.SSLHandshakeException: Certificate expired at Sat May 30 03:48:38 PDT 2020 (compared to Mon Jan 18 15:10:57 PST 2021)
(1769)01/18 15:10:57:74340 - PanHttpsClient: server cert error

 

However when i inspect the certificate on the website portal, it says valid till 2022 at a completely different date... So where does this panhttps certificate live? Is there multiple certificates? And also in the same log, it appears to be using this certificate with info as below, clearly valid... 

 

Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Validity
Not Before: Dec 4 00:00:00 2019 GMT
Not After : Mar 7 00:00:00 2022 GMT

 

Any ideas?

0 Likes Likes
2 REPLIES 2

JoergSchuetter
L4 Transporter

‎01-18-2021 11:20 PM

Hello @CertInvalid 

 

please see https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT

0 Likes Likes

CertInvalid
L0 Member
In response to JoergSchuetter

‎01-19-2021 08:00 AM

Wow thanks man, yes that does explain it!

 

how to resolve though? Can i just install this on the server? i wont be able to update peoples personal phones obviously. Chromebooks i dont know... 

 

"You may need to update any such systems to include more modern roots if it’s possible to do so."

Does it mean the clients need to be updated, or the palo alto firewall needs it?

0 Likes Likes
  • 3264 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks