Created On 02/07/19 23:41 PM - Last Updated 02/07/19 23:41 PM
GlobalProtect cloud service
GlobalProtect versions 2.1.1-25 and above
Issue
GlobalProtect Agent fails to connect to the GlobalProtect portal when using the portal’s FQDN. It generates the following error message:
(T8728) 02/13/15 13:58:55:137 Info (2184): PanWinhttpCallback(dwInternetStatus=WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, this=0000000001CE29A0)
(T8728) 02/13/15 13:58:55:137 Info (2197): winhttpObj, dwCertError is:
(T8728) 02/13/15 13:58:55:137 Info (2202): WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID
This issue is not seen when the portal’s IP address, instead of the FQDN, is configured in the GlobalProtect Agent.
To protect the SSL connection with the portal, the GlobalProtect Agent performs an additional check: it compares the common name (CN) of the portal’s certificate with the FQDN configured in the agent. If the CN doesn’t match the locally configured FQDN, the agent considers the portal’s certificate invalid.
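The following Python sketch is an added example, not Palo Alto Networks code. It finds the certificate error flag logged after a SECURE_FAILURE callback in the agent log excerpt above, then compares a certificate's CN with the configured portal address. The function names, the exact case-insensitive comparison, and the certificate dict (shaped like the output of Python's ssl.SSLSocket.getpeercert(), with constructed values) are assumptions.

```python
import re

# Log excerpt from this article, run together as it often appears when pasted.
SAMPLE_LOG = (
    "(T8728) 02/13/15 13:58:55:137 Info (2184): PanWinhttpCallback("
    "dwInternetStatus=WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, this=0000000001CE29A0) "
    "(T8728) 02/13/15 13:58:55:137 Info (2197): winhttpObj, dwCertError is: "
    "(T8728) 02/13/15 13:58:55:137 Info (2202): WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID"
)

# Constructed certificate subject (getpeercert() shape): the CN is an IP address,
# one case consistent with "works by IP, fails by FQDN".
SAMPLE_CERT = {"subject": ((("organizationName", "Example Corp"),),
                           (("commonName", "203.0.113.10"),))}

# Entry prefix: "(T<thread>) <date> <time> <level> (<line>): "
ENTRY = re.compile(r"\((T\d+)\) (\d\d/\d\d/\d\d \d\d:\d\d:\d\d:\d+) \w+\s*\(\s*\d+\): ")
FLAG = re.compile(r"WINHTTP_CALLBACK_STATUS_FLAG_\w+")

def cert_error_flags(log_text):
    """Return (thread, timestamp, flag) for cert flags logged after a SECURE_FAILURE."""
    parts = ENTRY.split(log_text)[1:]  # thread, timestamp, message, thread, ...
    failed, hits = set(), []
    for thread, stamp, msg in zip(parts[0::3], parts[1::3], parts[2::3]):
        if "WINHTTP_CALLBACK_STATUS_SECURE_FAILURE" in msg:
            failed.add(thread)  # later entries on this thread may name the flag
        elif thread in failed:
            hits += [(thread, stamp, flag) for flag in FLAG.findall(msg)]
    return hits

def common_names(cert):
    """All commonName values in the certificate subject."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def cn_matches_portal(cert, portal_address):
    """Exact, case-insensitive CN comparison (an assumed model of the agent's check)."""
    want = portal_address.strip().rstrip(".").lower()
    return any(cn.strip().rstrip(".").lower() == want for cn in common_names(cert))

if __name__ == "__main__":
    for thread, stamp, flag in cert_error_flags(SAMPLE_LOG):
        print(f"{stamp} [{thread}] {flag}")
    for portal in ("gp.example.com", "203.0.113.10"):  # hypothetical portal settings
        print(portal, "-> CN match:", cn_matches_portal(SAMPLE_CERT, portal))
```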