GP client error "Could not verify the server certificate of the gateway..." when Trusted Root CA certificate is installed.

• When trying to connect, GP client displays the following error message in the status panel​​.           

"Could not verify the server certificate of the gateway. If the issue persists, contact your administrator."

• PanGPS.log file displays "Failed to to set trusted ca" message

(P5196-T2292)Dump (1018): 04/20/23 10:44:40:017 set trusted root ca file C:\Program Files\Palo Alto Networks\GlobalProtect\tca.cer
(P5196-T2292)Error(11394): 04/20/23 10:44:40:018 Failed to to set trusted ca. File C:\Program Files\Palo Alto Networks\GlobalProtect\tca.cer 
(P5196-T2292)Dump (11514): 04/20/23 10:44:40:018 CheckServerCert() returns 0x0

• GlobalProtect (GP) Client 5.1.12, 6.1.1, 6.2.0 and 6.0.5
• Microsoft Windows

• PAN-OS sends an incorrect format of the Trusted Root CA certificate file (tca.cer) to GP App (Defect GPC-17896)
• GP App does not understand the format and stops the certificate verification instead of verifying the server cert using an system's trusted certificate store.

1. The issue is fixed under GPC-17896
2. Upgrade of GlobalProtect App to fix the issue ( 6.1.2, 5.2.13, 6.2.1, 6.0.8 or later)

• Refer to the View and Collect GlobalProtect App Logs article to set debug level to Dump and export the GlobalProtect client logs.