cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About LarsPetter

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
LarsPetter
2 weeks ago
since ‎08-05-2020
L0 Member
User Activity
User Profile
User Badges
Public Statistics
Date Registered ‎08-05-2020 04:08 AM
Date Last Visited 2 weeks ago
Total Messages Posted 2

Re: GlobalProtect adding machine cert authentication

by in GlobalProtect Discussions
‎09-07-2020 03:21 AM
‎09-07-2020 03:21 AM
Thanks for the input folks, it pointed me in the right direction. My certificates have CN's so that was not the issue. I had to change the portal setting to look for the certificate in the user store, not the machine store and install my CA and Machine cert in the user store. Not sure if this applies to all browsers but at least Chrome would not show the machine certificates when trying to access the portal website. My issue with the gateway working even after applying the cert profile was we had authentication cookie override...   However my "issue" now is that I need to install both CA and machine cert in user's store for the portal website to work, but for the app/gateway I need both certs in the machine store or it says valid cert not found when connecting to the gateway. Is there a setting for the app/gateway to look for cert in user store also? I could not find it. ... View more

GlobalProtect adding machine cert authentication

by in GlobalProtect Discussions
‎09-02-2020 03:18 AM
‎09-02-2020 03:18 AM
Hi,   We are currently using GlobalProtect with an auth profile that uses LDAP and DUO proxy. We now want to expand this setup with needing a machine certificate to be allowed to log on to portal/gateway so only company owned computers can log in.   We created a new CA and machine certificate on our PA-820, then chose this new CA in a new cert profile with "Username field" set to "None". We then added this new cert profile to the authentication tab on both our GP Portal and our GP Gateway.   On the machine we have tested this new setup we have installed the created CA cert without private key in the "Trusted root certificates" store and the machine cert with private key signed by this CA in the "Personal" store under computer certificates. The portal config > agent > app settings says "look for client certificate" in "Machine".   When we navigate to the portal website it says " Valid client certificate is required" and does not prompt us to use authenticate us with our installed certificate. However when we log onto the VPN with the GP app it does not require any certificate. It works for users both with and without the certificate installed...   Any thoughts on why we can't get this to work as expected? ... View more
Contact Me
Online Status
Offline
Date Last Visited
2 weeks ago
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks