To import a certificate generated externally, navigate to Device>Certificate Management>Certificates and click on ' import' at the bottom. The pre-requisite to create SSL/TLS profile is to either generate/import the portal/gateway "server certificate" and its chain If portal/gateway are served through different interfaces, you can use same SSL/TLS profile as long as the certificate includes both portal/gateway IPs/FQDNs in its Subject Alternate Name(SAN), if not, create different profiles for portals and gateways as needed. If same interface serves as both portal and gateway, you can use the same SSL/TLS profile for both portal/gateway. In the context of GlobalProtect, this profile is used to specify GlobalProtect portal/gateway's "server certificate" and the SSL/TLS "protocol version range". Installing client/machine cert in end client Certificate profile(if any) - Used by portal/gateway to request client/machine certificateĬ. SSL/TLS service profile - Specifies Portal/gateway server cert, every portal/gateway needs one.ī. Please note that there can be other ways to deploy certificates for GlobalProtect which are not covered in this document.Ī. This document describes the basics of configuring certificates in GlobalProtect setup.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |