Hello, I'm hoping someone can point out what I'm missing or doing wrong here. I've got a client with a Palo Alto PA-200 firewall running PAN-OS 6.1.22. VPN is configured correctly --I can connect to it using the GlobalProtect app from both my laptop (Win10) and Android phone, but from the client's iPhone (iOS 10.3.3), all I get is an error stating that the certificate is invalid. I know iOS 10.3 removed the ability to manually bypass invalid certificate warnings so here's what I've tried so far: 1. On the Palo Alto, I exported the certificate (as a Base64 Encoded Certificate (PEM) from Device -> Certificate Management -> Certificates, emailed the certificate to the client's email address, access that email from the iPhone, and imported the certificate. 2. On the iPhone, went into Settings -> General -> About -> Certificate Trust Settings and enabled full trust for the root certificate. Certificate shows as green/verified. 3. On the iPhone, re-created the VPN connection profile and attempted to connect, but received same error stating that GlobalPRotect could not verify the identity of <VPN server IP address>. The certificate shows as valid on the Palo Alto (i.e., not expired), so ... I know I'm missing something, but I'll be buggered if I know what it is. Any suggestions?
... View more