I too am having a similar issue. Set up a new portal/gateway with SAML auth. Want to do a HIP check for a valid machine certificate but not looking to do pre-logon. Machine Certificate is loaded in the Local Computer\Personal\Certificates store per Palo instructions. Subject shows machine name. our domain.com. Problem is, when I open the GP Client GlobalProtect Settings and go to the Host Profile tab, all I see is the word "certificate" at the bottom of the left window with no information in the right window about the cert. As such, it is not sending it to the portal during the HIP submission process. Any thoughts as to why the GP client is not seeing the certificate info? Oddly, in the PanGPS.log file on the client, it says it found the machine cert in the machine store. Has the correct hash, etc. Just is not passing it up to the portal. Any help would be appreciated.