11-15-2022 09:08 PM
I am trying to use Global Protect VPN on my Linux Machine (Ubuntu 22.04.1 LTS).
But whenever I try to connect I get the following error:
I am not able to understand what is the exact issue.
01-16-2023 02:57 PM
Hi @Sudhir ,
The error message you receive says that your GlobalProtect agent, doesn't trust the SSL server certificate presented by your GP gateway.
It is very likely you are using self-signed certificate on the FW for the GP gateway. This means that the CA (certificate authority) used to generate the server certificate used by the GP gateway is not public, or at least is not trusted by default by your Ubuntu client.
To be honest I don't have lot of experience with GlobalProtect on Linux (actually non), so I am not sure what certificate store will GP use on Ubuntu. But after little googling , it seems you need to import the CA cert (only the cert, no need for key) that used to create server cert for the GP gateway to the Ubuntu client in the following steps:
- import the CA in /usr/local/share/ca-certificates.
- execute update-ca-certificates (you may need sudo for that)
- above command should put the imported cert to the /etc/ssl/certs directory.
After that you can try to reconnect to GlobalProtect
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
