GlobalProtect Error "certificate is revoked." after replacing expired certificate

GlobalProtect Error "certificate is revoked." after replacing expired certificate

4286
Created On 01/24/23 22:51 PM - Last Modified 05/03/24 21:01 PM


Symptom


  • GlobalProtect Root Certificate Expired.
  • Generated and installed new Certificate.
  • When trying to connect to GlobalProtect, Agent is presenting Server Certificate Error: The <certificate name> certificate is revoked.
Server Certificate Error from GlobalProtect Agent

Environment


  • GlobalProtect Agent 5.2
  • Supported PAN-OS
  • PAN OS Generated Root Certificate

Cause


New certificate is not added to the SSL/TLS Service Profile assigned to GlobalProtect Porta/Gateway.

Resolution


  1. Add newly created certificate to the SSL/TLS Service Profile assigned to GlobalProtect Porta/Gateway from GUI: Device > Certificate Management > SSL/TLS Service Profile.
  2. Commit changes

Additional Information


Certificate Config for GlobalProtect - (SSL/TLS, Client Cert profiles, Client Machine Cert
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sacJCAQ&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail