01-16-2023 02:57 PM
Hi @Sudhir ,
The error message you receive says that your GlobalProtect agent, doesn't trust the SSL server certificate presented by your GP gateway.
It is very likely you are using self-signed certificate on the FW for the GP gateway. This means that the CA (certificate authority) used to generate the server certificate used by the GP gateway is not public, or at least is not trusted by default by your Ubuntu client.
To be honest I don't have lot of experience with GlobalProtect on Linux (actually non), so I am not sure what certificate store will GP use on Ubuntu. But after little googling , it seems you need to import the CA cert (only the cert, no need for key) that used to create server cert for the GP gateway to the Ubuntu client in the following steps:
- import the CA in /usr/local/share/ca-certificates.
- execute update-ca-certificates (you may need sudo for that)
- above command should put the imported cert to the /etc/ssl/certs directory.
After that you can try to reconnect to GlobalProtect
