
Hello TylerHay,

 

There are really no tricks...

Here's a working config I just did in my lab. It might give you an idea of what went wrong with your setup.

 

On the PA Firewall:

  • Create a CA root:
    Rievax_0-1601050933302.png

    No need to enter any other information, as this is only used to create a self-signed cert later.

  • Now, create the self-signed certificate. Make sure you sign it with the CA we just created. Enter at least the valid IP in the attributes to make this certificate valid:

    Rievax_1-1601051133513.png
  • You will end up with something similar:
    Rievax_2-1601051191317.png

     

  • Now, select the self-signed certificate (PA-UID-Cert in this case) and export it with the private key:
    Rievax_4-1601051308004.png

     

  • Now, create a certificate profile with no other information than the CA root that has been created:

    Rievax_5-1601051424446.png

  • Assign this Certificate profile to the "Connection Security" tab:
    Rievax_6-1601051530439.png

     

  • You can now add the user ID agent configuration:
    Rievax_7-1601051658048.png
  • Commit the changes.

 

On the UserID server:

  • Add the certificate:
    Rievax_8-1601051838947.png

     

  • Save and commit the changes...
  • Go to "User Identification". After a few seconds, it should change the status to connected:
    Rievax_9-1601051944044.png

     

  • On the PA side, it says the same:
    Rievax_10-1601052001004.png

     

Hope that helps!

R.
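
The certificate layout described in the post above (a root CA, and a certificate signed by it that carries the IP as an attribute) can be rebuilt and checked offline with openssl. This is an added example, not part of the original post and not Palo Alto tooling; it assumes PEM files, and the function names, subject names and the 192.0.2.x address are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: build a lab CA -> leaf chain, then run the three checks that
# usually explain a failed connection: chain, IP SAN, key/cert pairing.

# make_chain DIR IP: create a root CA and a leaf signed by it with IP as SAN.
make_chain() {
    dir=$1; ip=$2
    # Minimal config so the root is explicitly marked as a CA on any openssl build.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$dir/ca.cnf"
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Lab-Root-CA" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=PA-UID-Cert" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    printf 'subjectAltName=IP:%s\n' "$ip" > "$dir/leaf.ext"
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -extfile "$dir/leaf.ext" -out "$dir/leaf.pem" 2>/dev/null
}

# check_agent_cert CA CERT KEY IP: prints OK and returns 0 only if all checks pass.
check_agent_cert() {
    ca=$1; cert=$2; key=$3; ip=$4
    # 1. The certificate must chain to the CA referenced by the certificate profile.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || { echo "chain: FAIL"; return 1; }
    # 2. The IP the peer connects to must be present in the certificate.
    openssl x509 -in "$cert" -noout -checkip "$ip" 2>/dev/null | grep -q "does match" \
        || { echo "ip: FAIL"; return 1; }
    # 3. The exported private key must belong to this certificate.
    a=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$a" = "$b" ] || { echo "key: FAIL"; return 1; }
    echo OK
}

# Demo on constructed data: one good chain, then two deliberate mismatches.
tmp=$(mktemp -d); mkdir "$tmp/a" "$tmp/b"
make_chain "$tmp/a" 192.0.2.10 && make_chain "$tmp/b" 192.0.2.20
check_agent_cert "$tmp/a/ca.pem" "$tmp/a/leaf.pem" "$tmp/a/leaf.key" 192.0.2.10
check_agent_cert "$tmp/b/ca.pem" "$tmp/a/leaf.pem" "$tmp/a/leaf.key" 192.0.2.10 || true
check_agent_cert "$tmp/a/ca.pem" "$tmp/a/leaf.pem" "$tmp/b/leaf.key" 192.0.2.10 || true
rm -rf "$tmp"
```

To check a real export, call `check_agent_cert` with the exported CA, certificate and key files and the IP you entered in the certificate attributes.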
