Palo Alto Networks Knowledgebase: Error Connecting to GlobalProtect Portal: sec_error_bad_signature

Error Connecting to GlobalProtect Portal: sec_error_bad_signature

Created On 02/07/19 23:47 PM - Last Updated 02/07/19 23:47 PM
Device Management Initial Configuration Installation QoS Zone and DoS Protection


After configuring GlobalProtect Gateway and Portal, the following errors occur when connecting to Portal from a browser:

  • On Mozilla Firefox:
    Error code: sec_error_bad_signature
  • On Google Chrome:
    You attempted to reach <portal Address>, but the server presented an invalid certificate



This issue can occur if the 'Common Name' (subject) of the root certificate used to sign the GlobalProtect server certificate is the same as the GlobalProtect certificate. The example below shows a certificate, GlobalProtectServerCert, that is signed by GlobalProtectRoot. However, both certificates show up on the same level. Note that the 'Common Name' is the same for both.



To resolve the issue, create a new root and server certificate pair for the GlobalProtect Gateway and Portal ,and make sure to assign a unique Common Name (Subject) to the root certificate. For example:


The display should correctly show the GlobalProtectServerCert nested within the root certificate. Assign the GlobalProtectServerCert to your GlobalProtect Gateway\Portal to complete the configuration.


owner: jteetsel

  • Print
  • Copy Link

Choose Language