Error message "Unmatched certificate and key" during commit after adding a new certificate to the SSL/TLS Service Profile used by Global Protect

Created On 09/20/24 23:46 PM - Last Modified 10/08/24 20:36 PM


Symptom


  • The certificate was generated from a CSR created on the firewall.
  • When a new certificate is added to an SSL/TLS Service Profile in use by Global Protect, the commit fails with the following error message:
Error: Certificate CERTIFATE_NAME_HERE failed to load: Unmatched certificate and key
Error loading vsys cfg
failed to handle CONFIG_UPDATE_START
(Module: device)
client device phase 1 failure
Commit failed

 


Environment


  • Any PAN-OS
  • SSL/TLS Service Profile
  • Global Protect


Cause


The likely cause is file corruption at some point between generation of the certificate by the PKI and how it was transported or stored. This does not appear to have any cause based in PAN-OS.

Resolution


  1. Delete the problem certificate.
  2. Generate a new CSR.
  3. Generate a new certificate from the PKI Provider.
  4. Repeat the import process.
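
Before repeating the import, the issued certificate can be compared against the CSR exported from the firewall, since the CSR carries the public half of the key pair the firewall generated. The script below is an added example, not part of the original article or any Palo Alto Networks tooling; it assumes OpenSSL on a workstation and PEM-encoded files, and the file names are placeholders.

```shell
#!/bin/sh
# Added example: confirm an issued certificate carries the same public key
# as the CSR it was requested with, before importing it on the firewall.
# Exit status of cert_matches_csr: 0 = match, 1 = mismatch, 2 = unreadable file.

# Print the SHA-256 digest of the public key found in a PEM file.
# $1 = "req" for a CSR or "x509" for a certificate, $2 = file path.
pubkey_digest() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    # A corrupted file can yield no key at all; never hash empty output,
    # or two unreadable files would appear to match each other.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# $1 = CSR exported from the firewall, $2 = certificate returned by the PKI.
cert_matches_csr() {
    csr_digest=$(pubkey_digest req "$1") || return 2
    cert_digest=$(pubkey_digest x509 "$2") || return 2
    [ "$csr_digest" = "$cert_digest" ]
}

# Command-line use: sh check_cert.sh firewall.csr issued.crt (placeholder names)
if [ "$#" -eq 2 ]; then
    cert_matches_csr "$1" "$2"
    case $? in
        0) echo "OK: certificate public key matches the CSR" ;;
        1) echo "MISMATCH: certificate was not issued for this CSR" ;;
        *) echo "UNREADABLE: CSR or certificate file could not be parsed" ;;
    esac
fi
```

A mismatch or unreadable result points at the file received from the PKI or its handling in transit, which is the case the resolution steps above address.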


Additional Information


Error: Certificate "Certificate_name" failed to load: Unmatched certificate and key


