UserID Agent version 9.0.5-8
Firewall 9.0.8
Windows Server 2016
UserID Agent Servers x2

I've tried following this guide and numerous others (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGFCA0).

Keep getting 'Failed to validate client certificate, thread : 1 , 5-10054!' as shown at the very bottom of the aforementioned support article, and seeing SSL failures in the system log of the firewall.

I've tried generating the cert about a hundred different ways and formats on the server/firewall, and I still get the issue. I've tried using IP, FQDN, Subject-Alternative-Name including IP, Hostname, FQDN; one, all or any. Port 5007 is open and the server worked previously.

Now my certificate is stuck in the User-ID software and I can't delete it or use the server any longer with the firewall for regular User-ID, which is annoying. There is no delete/remove button to take the cert back out of the software, so I pretty much have to get this working now as I'm down to 1 User-ID box.

At this point I'm missing something fundamental, like a check box on the firewall or some hidden thing. I've installed certificates for Decrypt in and out, Management address, and all sorts of certificates and never had any problems until this.

Has anyone successfully set this up who can walk me through how you did it, so maybe I can see my error? I have heard that IP address must be used in the SAN attribute, but that didn't work either.