Hi @Ezekoli Thanks for your response, but it's not quite what I'm asking. My query isn't about which type of certificate to use. When you create a certificate profile, you are able to select how the username field will be populated from the certificate (if for e.g. you are using the certificate as part of GlobalProtect authentication). The three options are Subject (which populates from the common name), Alternative Name (which populates from the Email or Principal Name depending on your choice) or None (which doesn't fill the username field at all). Everything I've read indicates that you can select a username field to add security to that process, i.e. I've got a username and password but I don't have a cert, I can't use another user's certificate if I had to get hold of one or I can't use another users machine to log on with my credentials. But if you don't need or want that extra level of security, you should be able to select "None". However, when I do that, I get commit failures. This is the issue I would like to address - why does the firewall fail to commit if there is no option selected for the username field on the certificate profile.
... View more