'Valid client certificate is required' error accessing portal address on Firefox

'Valid client certificate is required' error accessing portal address on Firefox

124631
Created On 09/26/18 13:48 PM - Last Modified 06/07/23 02:38 AM


Symptom


Symptoms

An error, 'Valid client certificate is required,' displays on the Firefox browser while accessing the portal address:

 

firefox error.PNG

Diagnosis

GlobalProtect is configured with Certificate Authentication for the client.
The client certificate has been added in the 'personal' certificate store of the end user.
Other browsers like Chrome and IE are able to connect to the portal address successfully.



Resolution


  • The error, 'Valid client certificate is required' while accessing the portal address displays when
    the browser is unable to fetch the certificate to present it to the portal for authentication.
  • Here, the client certificate has already been added in the personal certificate store of the computer, so Chrome and IE are able to sync this certifcate from this personal store.
  • If the same error displays in Chrome or IE, please verifiy that the certificate is present in the personal stores of these browsers.

For Firefox, the client certificate is not present in the 'Your Certificates' store, as seen below. Therefore, the browser is unable to present it to the portal for authentication:


firefox no cert.PNG

 


Firefox maintains a separate store, compared to Chrome or IE, so the certificate must be explicitly imported.
Add the certificate in the 'Your Certificates' store of Firefox:

 

1.  Click Options > Advanced > Certificates > View Certificates > Your Certificates > Import
2.  Select the Client Certificate from the computer and enter the password to import.
     Note that Client certificate needs to be imported with the private key.

The added certificate can now be seen as follows:

 

firefox cert added.PNG

 


NOTE : If the same error displays on other browsers, the client certificate is required to be imported in the 'Personal Certificate' store of these browsers.



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clp6CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language