12-16-2019 05:22 PM
Hello,
I've been unable to get my HIP check to work when checking for attributes in a machine certificate. Other HIP checks do work. I'm using my root cert for the Certificate Profile. I don't have/use a intermediate cert as this is a lab. Some of the things I've tried.
1. I configured a certificate profile with the root cert.
2. Portal > Agent > Config Selection Criteria > Device Checks. I selected the root cert profile.
3. Portal > Agent > App > Machine cert is selected.
4. Portal > Portal Data Collection > Certificate Profile my root cert profile.
5. Portal > Agent - "Collect HIP Data" is selected.
I'm verifying the HIP checks using HIP Notification under the Gateway Agent. Like I said, my other HIP checks are working. Opening the GlobalProtect settings on a laptop and viewing Host Profile, shows the machine name under "Certificate". The right side of the screen shows the certificate in the form -----BEGIN CERTIFICATE----.......
I'm using 9.0.3h3 and GP client 5.0.5.
Thanks
