One of my setups with client certificate authentication on the gateway was working fine. For some reason, it gives me the 'Required client certificate not found. Please contact your IT administrator' error. The certificate is available in the client machine certificate store and PanGPS.log shows it is able to identify the same. But after that it fails and displays the error.

-------------------PanGPS.log--------------
(T1784)Debug( 859): 04/20/21 14:04:39:531 Opened machine store
(T1784)Debug( 872): 04/20/21 14:04:39:531 Skipped cert Policy Manager STS issued by Policy Manager STS sha1 hash is d9 7b 5c d6 a7 18 ac 55 31 63 38 8a 9a e3 9b 4f 33 1a 71 2f
(T1784)Debug( 872): 04/20/21 14:04:39:531 Skipped cert Policy Manager issued by Policy Manager sha1 hash is 74 b3 29 db fd d2 57 3a e6 37 ed a8 d8 fc 90 ca 77 c0 c1 00
(T1784)Debug( 872): 04/20/21 14:04:39:531 Skipped cert *.pom.local issued by *.pom.local sha1 hash is 56 87 23 33 cd 2d 17 0a 00 57 8b 56 13 76 fd 0d c6 3e 13 55
(T1784)Debug( 868): 04/20/21 14:04:39:531 Found the cert GPA_Windows_Client issued by POM_Client_VPN sha1 hash is 51 84 70 a8 99 3d e9 9b 0f f8 28 ec 6d ac 5b 79 ea b1 de 46 in machine store
(T1784)Debug( 874): 04/20/21 14:04:39:531 Finished searching machine store.
(T1784)Debug(1016): 04/20/21 14:04:39:531 PrepareRequest, m_pMachineCertCtx is 000001E3BA0921F0...
(T1784)Debug(1024): 04/20/21 14:04:39:532 WinHttpOpenRequest...
(T1784)Debug( 442): 04/20/21 14:04:39:532 CPanHTTPSession::PostRequest: WinHttpSendRequest...
(T1784)Debug( 453): 04/20/21 14:04:39:743 bResults=1, g_dwStatus = 00000000
(T1784)Debug( 675): 04/20/21 14:04:39:748 Server <portal fqdn> cert chain has been created.
(T1784)Debug( 689): 04/20/21 14:04:39:748 Server <portal fqdn> cert verification passed
(T1784)Debug( 721): 04/20/21 14:04:39:748 Check server certificate revocation returns TRUE
(T1784)Debug( 475): 04/20/21 14:04:39:748 CPanHTTPSession::PostRequest: WinHttpReceiveREsponse...
(T1784)Debug( 487): 04/20/21 14:04:39:748 CPanHTTPSession::PostRequest: WinHttpQueryHeaders...
(T1784)Debug( 369): 04/20/21 14:04:39:748 Content-length: 529
(T1784)Info (1220): 04/20/21 14:04:39:748 download data success
(T1784)Debug( 530): 04/20/21 14:04:39:748 CPanHTTPSession::SendRequest: WinHttpQueryHeaders...
(T1784)Debug(3590): 04/20/21 14:04:39:748 Login to gateway (null) <--portal fqdn--> without ipv6
(T1784)Debug(10948): 04/20/21 14:04:39:748 StopCaptivePortalDetection() captive portal detection is in progress
(T5056)Debug(5039): 04/20/21 14:04:39:748 CaptivePortalDetectionThread: IsDetectingCaptivePortal=0, PreLoginIsDone=1
(T5056)Debug(5016): 04/20/21 14:04:39:748 CaptivePortalDetectionThread: wait (-1 ms) for captive portal detection event.
(T1784)Debug(3620): 04/20/21 14:04:39:748 Pre-login response is <?xml version="1.0" encoding="UTF-8" ?>
<prelogin-response>
<status>Error</status>
<ccusername></ccusername>
<autosubmit></autosubmit>
<msg>Valid client certificate is required</msg>
<newmsg>Required client certificate not found. Please contact your IT administrator.</newmsg>
<license>yes</license>
<authentication-message>Enter login credentials</authentication-message>
<username-label>Username</username-label>
<password-label>Password</password-label>
<panos-version>1</panos-version><region>AE</region>
</prelogin-response>
---------------PanGPS.log--------------

I even tried generating a new certificate from the same CA and importing it into the client machine/user store; it didn't work. The root CA is already there in the trusted CA store. Has anybody encountered the same? Any solution?
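As an added example (not part of the original post and not Palo Alto Networks tooling), this Python script reads PanGPS.log text in the line format shown in the excerpt above and puts two facts side by side: which certificate the agent selected, with its SHA-1 thumbprint normalized for comparison against the certificate store, and what the gateway's pre-login response said. The function names `summarize` and `selected_but_rejected` are hypothetical, and the regular expressions assume only the fields visible in the excerpt.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, abridged from the PanGPS.log excerpt in the post above.
SAMPLE_LOG = """\
(T1784)Debug( 872): 04/20/21 14:04:39:531 Skipped cert *.pom.local issued by *.pom.local sha1 hash is 56 87 23 33 cd 2d 17 0a 00 57 8b 56 13 76 fd 0d c6 3e 13 55
(T1784)Debug( 868): 04/20/21 14:04:39:531 Found the cert GPA_Windows_Client issued by POM_Client_VPN sha1 hash is 51 84 70 a8 99 3d e9 9b 0f f8 28 ec 6d ac 5b 79 ea b1 de 46 in machine store
(T1784)Debug(3620): 04/20/21 14:04:39:748 Pre-login response is <?xml version="1.0" encoding="UTF-8" ?>
<prelogin-response>
<status>Error</status>
<msg>Valid client certificate is required</msg>
<newmsg>Required client certificate not found. Please contact your IT administrator.</newmsg>
</prelogin-response>
"""

# Certificate-store search lines: "Skipped cert ..." or "Found the cert ...".
CERT_RE = re.compile(
    r"(?P<action>Skipped|Found the) cert (?P<subject>.+?) issued by (?P<issuer>.+?) "
    r"sha1 hash is (?P<sha1>(?:[0-9a-f]{2} ?){20})"
)
# Match from the root element only, so no XML declaration or DOCTYPE is parsed.
PRELOGIN_RE = re.compile(r"<prelogin-response>.*?</prelogin-response>", re.S)

def summarize(log_text):
    """Return (certs, prelogin) extracted from PanGPS.log text."""
    certs = [
        {
            "selected": m["action"] == "Found the",
            "subject": m["subject"],
            "issuer": m["issuer"],
            # Thumbprint without spaces, upper case, for easy comparison.
            "sha1": m["sha1"].replace(" ", "").upper(),
        }
        for m in CERT_RE.finditer(log_text)
    ]
    prelogin = None
    m = PRELOGIN_RE.search(log_text)
    if m:
        root = ET.fromstring(m.group(0))
        prelogin = {t: root.findtext(t) or "" for t in ("status", "msg", "newmsg")}
    return certs, prelogin

def selected_but_rejected(certs, prelogin):
    """True when the agent picked a cert locally yet pre-login returned Error."""
    picked = any(c["selected"] for c in certs)
    return picked and prelogin is not None and prelogin["status"] == "Error"

if __name__ == "__main__":
    certs, prelogin = summarize(SAMPLE_LOG)
    for c in certs:
        print("SELECTED" if c["selected"] else "skipped ", c["subject"], c["issuer"], c["sha1"])
    print(prelogin, "selected_but_rejected =", selected_but_rejected(certs, prelogin))
```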