GlobalProtect gateway
This time, we will create our VPN server certificate (my-vpn) signed by our newly created root certificate authority (my-vpn-ca). Populate it with the settings as shown in the screenshot below and click Generate to create the VPN server certificate. The Common Name should be populated with your Dynamic DNS hostname and must match the value under Certificate Attributes -> Host Name.

Note: If you’ll be supporting the latest macOS and iOS systems, be aware of the new requirements for certificates. Notably, you cannot use a certificate that expires after 825 days and server certificates must present the DNS name of the server in the Subject Alternative Name extension. The settings above are compliant with these new requirements. I ran into a lot of issues with this when I tried creating three year certificates!

Create Machine Certificate For Client Authentication

Now we’ll create a machine certificate that we can use for authenticating to GlobalProtect.
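One way to check an exported server certificate against the macOS and iOS requirements noted above: validity of at most 825 days, the server's DNS name in the Subject Alternative Name, and a Common Name that matches the hostname. This is an added example, not part of the original guide; it assumes OpenSSL 1.1.1 or later and GNU date, and all function names are hypothetical.

```sh
# Added example: audit a PEM certificate against the limits described above.
# Assumes OpenSSL 1.1.1+ and GNU date; all function names are hypothetical.
MAX_DAYS=825

# Total validity period (notBefore to notAfter) in whole days.
cert_validity_days() {
    local start end
    start=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
    end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    echo $(( ($(date -u -d "$end" +%s) - $(date -u -d "$start" +%s)) / 86400 ))
}

# Common Name taken from the certificate subject.
cert_common_name() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline \
        | sed -n 's/^ *commonName *= //p'
}

# Succeeds only if the host ($2) appears as a DNS entry in the SAN extension.
cert_has_dns_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qixF "DNS:$2"
}

# Run all three checks; print each failure and return non-zero if any fail.
check_vpn_cert() {
    local pem="$1" host="$2" rc=0 days
    days=$(cert_validity_days "$pem")
    if [ "$days" -gt "$MAX_DAYS" ]; then
        echo "FAIL: validity of $days days exceeds $MAX_DAYS"; rc=1
    fi
    if [ "$(cert_common_name "$pem")" != "$host" ]; then
        echo "FAIL: Common Name does not match $host"; rc=1
    fi
    if ! cert_has_dns_san "$pem" "$host"; then
        echo "FAIL: no DNS:$host entry in Subject Alternative Name"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: self-signed test cert (out, days, cn, optional san).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=$3" ${4:+-addext "subjectAltName=DNS:$4"} 2>/dev/null
}
```

To use it, export the server certificate from the firewall in PEM format and pass the file and your Dynamic DNS hostname to `check_vpn_cert`; a three year certificate fails the validity check.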
This is part of the Palo Posts how-to guides for getting the most from your Palo Alto firewall on a home or small business network.