Palo Alto Networks Knowledgebase: Error Connecting to GlobalProtect Portal: sec_error_bad_signature
Error Connecting to GlobalProtect Portal: sec_error_bad_signature
Created On 02/07/19 23:47 PM - Last Updated 02/07/19 23:47 PM
Zone and DoS Protection
After configuring GlobalProtect Gateway and Portal, the following errors occur when connecting to Portal from a browser:
On Mozilla Firefox: Error code: sec_error_bad_signature
On Google Chrome: You attempted to reach <portal Address>, but the server presented an invalid certificate
This issue can occur if the 'Common Name' (subject) of the root certificate used to sign the GlobalProtect server certificate is the same as the GlobalProtect certificate. The example below shows a certificate, GlobalProtectServerCert, that is signed by GlobalProtectRoot. However, both certificates show up on the same level. Note that the 'Common Name' is the same for both.
To resolve the issue, create a new root and server certificate pair for the GlobalProtect Gateway and Portal ,and make sure to assign a unique Common Name (Subject) to the root certificate. For example:
The display should correctly show the GlobalProtectServerCert nested within the root certificate. Assign the GlobalProtectServerCert to your GlobalProtect Gateway\Portal to complete the configuration.