GlobalProtect: Using An External Root CA

Community Team Member



The LIVEcommunity team presents some useful resources about configuring GlobalProtect, including pre-user logon, user-logon, on-demand, and using an external root CA. Learn more about where to find more resources to support your increased remote workforce.




Palo Alto Networks understands your challenges during COVID-19, and we realize that a new level of support is needed. In response to that, the LIVEcommunity team has created the COVID-19 Response Center where you'll find resources from across Palo Alto Networks specific to GlobalProtect and Prisma Access.


With that said, check out the following article about how to configure GlobalProtect using an External Root CA by our very own @chadley, Sr. Technical Support Engineer.


How to Configure GlobalProtect VPN Using an External Root CA 


Corbin Hadley's article covers the steps required to configure GlobalProtect VPN using an external root CA, such as Windows Server 2012 with AD certificate services running on it.

He also explains how to create a root CA, how to export the root CA certificate and import it to your clients, how to configure GlobalProtect on the firewall, and how to install the client software on your PCs. And he doesn't stop there. There's even a section on how to troubleshoot, verify, and debug.


To configure GlobalProtect VPN just using self-signed certificates on the firewall (instead of having an internal/external root CA issue the certificates), the following Knowledge Base articles and Blogs may assist you:


Basic GlobalProtect Configuration: User-Logon

Basic GlobalProtect Configuration: Pre-Logon 

Basic GlobalProtect Configuration: On-Demand 

More-security-with-GlobalProtect (user-logon) 

Full-control-with-GlobalProtect (on-demand) 



Palo Alto Networks will continue to highlight new information and articles that can help you find solutions for your GlobalProtect applications during this time of increased remote work.


If you have any questions about the above articles, please don't hesitate to post them in the comment section below.


Thanks for taking time to read the blog.

If you enjoyed this, please hit the Like (thumbs up) button, and don't forget to subscribe to the LIVEcommunity Blog.


Stay Secure,
Kiwi out!
