Error Connecting to GlobalProtect Portal: sec_error_bad_signature

Created On 09/26/18 13:50 PM - Last Modified 07/19/22 23:09 PM



Issue

After configuring GlobalProtect Gateway and Portal, the following errors occur when connecting to Portal from a browser:

  • On Mozilla Firefox:
    Error code: sec_error_bad_signature
  • On Google Chrome:
    You attempted to reach <portal Address>, but the server presented an invalid certificate

 

Cause

This issue can occur if the 'Common Name' (Subject) of the root certificate used to sign the GlobalProtect server certificate is the same as the Common Name of the GlobalProtect server certificate itself. In the example below, the certificate GlobalProtectServerCert is signed by GlobalProtectRoot, yet both certificates show up on the same level instead of the server certificate being nested under its root. Note that the 'Common Name' is the same for both.

 

Resolution

To resolve the issue, create a new root and server certificate pair for the GlobalProtect Gateway and Portal, and make sure to assign a unique Common Name (Subject) to the root certificate. For example:

 

The display should now show the GlobalProtectServerCert nested within the root certificate. Assign the GlobalProtectServerCert to your GlobalProtect Gateway and Portal to complete the configuration.
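The following check is an added example, not part of the original article and not Palo Alto Networks code: it parses the Issuer and Subject names out of two DER certificates and flags the collision described under Cause before the pair is assigned to the Portal. The Common Names and the certificate skeletons are constructed samples (DER structure only, with empty algorithm fields and a dummy signature), and all function names are hypothetical.

```python
import ssl

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(cert):
    """Return the raw DER bytes of the Issuer and Subject Name fields."""
    _, pos, _ = read_tlv(cert, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)          # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)        # [0] version, or serialNumber (v1)
    if tag == 0xA0:
        _, _, end = read_tlv(cert, end)      # serialNumber
    _, _, pos = read_tlv(cert, end)          # signature AlgorithmIdentifier
    _, _, end = read_tlv(cert, pos)          # issuer Name
    issuer = cert[pos:end]
    _, _, pos = read_tlv(cert, end)          # validity
    _, _, end = read_tlv(cert, pos)          # subject Name
    return issuer, cert[pos:end]

def load_pem(path):
    """Load a PEM certificate (e.g. one exported from the firewall) as DER."""
    with open(path) as fh:
        return ssl.PEM_cert_to_DER_cert(fh.read())

def subject_collides(server, root):
    """True if server was issued by root yet carries the root's own Subject (byte-exact)."""
    srv_issuer, srv_subject = issuer_and_subject(server)
    _, root_subject = issuer_and_subject(root)
    return server != root and srv_issuer == root_subject == srv_subject

# --- Constructed sample input: DER skeletons, not usable certificates ---
def der(tag, body):
    return bytes([tag, len(body)]) + body    # short-form length; samples are small

def sample_cert(subject_cn, issuer_cn, serial):
    def name(cn):                            # one RDN: commonName (OID 2.5.4.3)
        return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))))
    empty = der(0x30, b"")                   # stands in for algorithm, validity, key
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial])) + empty
           + name(issuer_cn) + empty + name(subject_cn) + empty)
    return der(0x30, der(0x30, tbs) + empty + der(0x03, b"\x00"))

if __name__ == "__main__":
    root, server = (sample_cert("vpn.example.com", "vpn.example.com", s) for s in (1, 2))
    print("collision:", subject_collides(server, root))
```

For real certificates, pass `load_pem("server.pem")` and `load_pem("root.pem")` to `subject_collides`; the comparison is byte-exact, so names that differ only in case or string encoding are not flagged.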

 

owner: jteetsel


