GlobalProtect Agent for iOS fails to connect with GP Gateway with error message "The certificate for this server is invalid."

• Users are unable to connect GlobalProtect from iOS device.
• On the failure attempt, following log message is displayed in GlobalProtect Agent.

The certificate for this server is invalid. You might be connecting to a server that is pretending to be "<IP_ADDRESS>" which could put your confidential information at risk.

• GlobalProtect Agent for iOS devices
• SAML authentication is configured

1. This issue could be caused by the mismatch between the subject of server certificate in GP Portal/Gateway and the hostname in URL you accessed (redirected).
2. In Agent.log, logs similar to below is displayed

Error: (GPSAMLViewController.mm:238) WebView provisional navigation error <WKNavigation: 0x*********> Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “<IP_ADDRESS>” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _WKRecoveryAttempterErrorKey=<WKReloadFrameErrorRecoveryAttempter: 0x********>, networkTaskDescription=LocalDataTask <xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx>.<17>, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9843, NSErrorPeerCertificateChainKey=(
"<cert(0x*********) s: vpn.example.co.jp i: 10.20.30.40>",
"<cert(0x*********) s: 10.20.30.40 i: 10.20.30.40>"
),
==snip==

3. To resolve, It is required to match the hostname of accessing URL with the subject in server certificate.