About Glossome

Hello,     I'm hoping someone can point out what I'm missing or doing wrong here.     I've got a client with a Palo Alto PA-200 firewall running PAN-OS 6.1.22.  VPN is configured correctly --I can connect to it using the GlobalProtect app from both my laptop (Win10) and Android phone, but from the client's iPhone (iOS 10.3.3), all I get is an error stating that the certificate is invalid.  I know iOS 10.3 removed the ability to manually bypass invalid certificate warnings so here's what I've tried so far:   1. On the Palo Alto, I exported the certificate (as a Base64 Encoded Certificate (PEM) from Device -> Certificate Management -> Certificates, emailed the certificate to the client's email address, access that email from the iPhone, and imported the certificate.   2. On the iPhone, went into Settings -> General -> About -> Certificate Trust Settings and enabled full trust for the root certificate.  Certificate shows as green/verified.   3. On the iPhone, re-created the VPN connection profile and attempted to connect, but received same error stating that GlobalPRotect could not verify the identity of <VPN server IP address>.     The certificate shows as valid on the Palo Alto (i.e., not expired), so ... I know I'm missing something, but I'll be buggered if I know what it is.  Any suggestions? ... View more