This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About LarsPetter
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About LarsPetter
10-27-2020
2Posts
0Likes
0Solutions
Oct 27, 2020Last Visited
User
Activity
User
Profile
Latest posts by LarsPetter
| Subject | Views | Posted |
|---|---|---|
| 2562 | 09-07-2020 03:21 AM | |
| 2716 | 09-02-2020 03:18 AM |
User Badges
Community Statistics
| Member Since | 08-05-2020 04:08 AM |
| Date Last Visited | 10-27-2020 05:49 AM |
| Posts | 2 |
09-07-2020
03:21 AM
Thanks for the input folks, it pointed me in the right direction. My certificates have CN's so that was not the issue. I had to change the portal setting to look for the certificate in the user store, not the machine store and install my CA and Machine cert in the user store. Not sure if this applies to all browsers but at least Chrome would not show the machine certificates when trying to access the portal website. My issue with the gateway working even after applying the cert profile was we had authentication cookie override... However my "issue" now is that I need to install both CA and machine cert in user's store for the portal website to work, but for the app/gateway I need both certs in the machine store or it says valid cert not found when connecting to the gateway. Is there a setting for the app/gateway to look for cert in user store also? I could not find it.
... View more
09-02-2020
03:18 AM
Hi, We are currently using GlobalProtect with an auth profile that uses LDAP and DUO proxy. We now want to expand this setup with needing a machine certificate to be allowed to log on to portal/gateway so only company owned computers can log in. We created a new CA and machine certificate on our PA-820, then chose this new CA in a new cert profile with "Username field" set to "None". We then added this new cert profile to the authentication tab on both our GP Portal and our GP Gateway. On the machine we have tested this new setup we have installed the created CA cert without private key in the "Trusted root certificates" store and the machine cert with private key signed by this CA in the "Personal" store under computer certificates. The portal config > agent > app settings says "look for client certificate" in "Machine". When we navigate to the portal website it says " Valid client certificate is required" and does not prompt us to use authenticate us with our installed certificate. However when we log onto the VPN with the GP app it does not require any certificate. It works for users both with and without the certificate installed... Any thoughts on why we can't get this to work as expected?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-27-2020
05:49 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks