How to fix "ERR_CERT_COMMON_NAME_INVALID" when accessing GlobalProtect Portal via web-browser?

How to fix "ERR_CERT_COMMON_NAME_INVALID" when accessing GlobalProtect Portal via web-browser?

13457
Created On 06/03/22 18:49 PM - Last Modified 01/29/25 15:03 PM


Question


How to fix "ERR_CERT_COMMON_NAME_INVALID" when accessing GlobalProtect Portal via web-browser?

Environment


  • GlobalProtect Portal
  • Certificates

Answer


The web-browser checks the "Subject Alternative Name" field in the certificate and when it doesn't find this field in the certificate or the value of Subject alternative name doesn't match the portal IP/Hostname, the web-browser displays the message "Your connection isn't private" with an error "ERR_CERT_COMMON_NAME_INVALID".

In order to avoid this, create the Portal server certificate with the proper subject alternative name which matches the portal IP/hostname.

Note: it has observed that the issue may happen when upgrading to GlobalProtect Client versions 6.1.5, 6.2.3, 6.3.0 or higher, due to webview to webview2 upgrade, which is the software component used for embedded browser SAML authentication.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CprfCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language