Globalprotect vpn client
#GLOBALPROTECT VPN CLIENT HOW TO#
For instructions of how to import the certificate to the client computer using shared certificates, please follow the directions mentioned here.
In cases of self-signed certificates, the certificate will need to be imported to the trusted root CA. Note: The client certificate will be indented under the root CA when viewing from the Device > Certificates in the GUI. However, please ensure the appliance has the full CA certificate chain of trust imported on the user's machine: i.e Root + Intermediate (if applicable) CAs. The certificate imported to the client machine(s) may or may not be signed the same root CA which signed the 'Server Certificate' in the Portal/Gateway settings.
Shared client certificates - each endpoint uses the same certificate to authenticate it can be locally generated or imported from trusted CA.You have 3 options when implementing certificate-based client authentication for your GlobalProtect environment.