Disable Certificate prompt during GlobalProtect login for certificate confirmation
26680
Created On 11/04/20 14:54 PM - Last Modified 07/21/22 18:23 PM
Symptom
Sometimes users are getting prompted to confirm a user certificate to login to GP (Portal/Agent) even if there is only a unique certificate in the user store as in the example below:
Environment
- Palo Alto Firewall configured with GP Portal/Gateway
- Any PAN-OS
- Certificate configuration on Browsers.
- GP user =====================> Firewall========================>Internet
Cause
This issue is a browser related issue and is not related to GlobalProtect or firewall configuration,
It can be resolved by automating the process instead of manually prompting the user and confirming the certificate either using Firefox or Internet Explorer.
Resolution
Firefox configuration:
- Select the Menu icon > Options.
- Select Privacy & Security > Certificates > Select one automatically.
- Close the browser window.
- Open the Windows Control Panel.
- Select Internet Options > Security tab > Custom Level.
- Select Enable for the “Don’t prompt for client certificate selection when only certificate exists”
- Select OK.
- Select Yes on the confirmation window.
- Select Apply or OK on the subsequent windows.
Additional Information
This article applies to IE and Edge legacy, other browsers do not work this way, check the below Link1 and Link2 further details.