- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-18-2021 02:46 PM
Dear Community!
We have upgraded the macOS to Big Sur and the users fail to connect to the GP gateway due to server cert verification failed
P 474-T17783 08/16/2021 14:25:34:351 Debug(1042): Trust evaluation properties (
{
error = "Host name mismatch";
title = "xyz.xyz.xyz.xyz";
}
)
P 474-T17783 08/16/2021 14:25:34:351 Debug(1041): Hostname xyz.xyz.xyz.xyz doesn't match sub alt name or no sub alt name, fallback to CN
P 474-T17783 08/16/2021 14:25:34:351 Debug(1077): Hostname xyz.xyz.xyz.xyz match xyz.xyz.xyz.xyz
.............
P 474-T17783 08/16/2021 14:25:34:353 Debug(1042): Trust evaluation properties (
{
error = "CSSMERR_TP_CERT_SUSPENDED";
title = "xyz.xyz.xyz.xyz";
}
)
P 474-T17783 08/16/2021 14:25:34:353 Error( 667): Server trust evalutaion failed: 5
..................
P 474-T19519 08/16/2021 14:25:34:353 Error( 532): Connection error Error Domain=NSURLErrorDomain Code=-999 "cancelled"
..............
P 474-T19519 08/16/2021 14:25:34:353 Debug( 482): error detail is Server cert verification failed
..............
P 474-T19519 08/16/2021 14:25:34:353 Debug(5567): Show Gateway Ext-GW: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect
I have read the following article:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HB5rCAG
But GP was working fine with macOS 10.15 having the same certificates.
+ Did you expierence the same issue with Big Sur?
Thank you!
08-19-2021 07:01 AM - edited 08-19-2021 07:04 AM
Hi
Please verify that the certificates do not exceed 825 days validity (from not-before until not-after).
Reference:
https://support.apple.com/en-us/HT210176
I've had this happen for 2 customers 😞
Shai
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!