About davidlan

I have been trying to get this to work for days not and I am not getting anywhere. I always seem to struggle with certs due to how they are chained. On my Palo I have a rootca (self-signed, certificate authority), intermediateca (issued by rootca, and also certificate authority), then I cut a cert called gp-cert (issued by intermediateca, non certificate authority). My cert profile includes the intermediateca and the SSL/TLS SP includes the gp-cert. I have downloaded the intermediateca cert without private key in PEM format and exported the gp-cert with private key in PSK12 format. My DNS name for my gatway/portal lets say is vpn.company.com vpn.company.com is the CN for the gp-cert I upload these to my iPhone11 and when I attempt to connect I get an error: Cannot verify server identity There is a problem with the security certificate. The identity of vpn.company.com cannot be verified. My options are cancel or detail. Detail gives me the certificate details and thats it. I always remember I could click continue when this happens so did something change in iOS or is this an issue with my certs and how I have them chained or exported, or even signed? Thank ... View more