Palo Alto GlobalProtect Portal login: A valid client certificate is required

Came across this while rolling about Palo Alto GlobalProtect.  The knowledge base article suggests installing the cert in the browser’s store, which isn’t really helpful in understanding what the cause or solution was in my case.

GPPortalValidClientCertificateIsRequired

There’s also its cousin, which complains about a missing client certificate when connecting to the Gateway:

GP_requiredClientCertNotFound

The problem lies in the Certificate profile configuration.  I had understood this to be a way to chain intermediate certs; in fact, that happens automatically when the certificate is upload.  Rather, this setting controls the CA for client side certs.  If if you’re not using client side certs, the configuration should simply have Certificate Profile left to “None”

GPPortalAuthentication

 

Advertisement

One thought on “Palo Alto GlobalProtect Portal login: A valid client certificate is required

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s