Sunday, September 12, 2021

GlobalProtect (Mac): The server certificate is invalid. Please contact your IT administrator

 

Last time I tried to sign in my private PAN VPN on my Mac. The sign in process via Chrome browser was ok but I couldn't sign in when using GlobalProtect software. I got the following error message:

   GlobalProtect: The server certificate is invalid. Please contact your IT administrator



Trying to gg for resolution, especially on *.paloaltonetworks.com [1] and I couldn't fix this error. Later, I decided to sign in again via Safari and accepted the self-signed certificate again. Suddenly I did it successfully.  I figured it out that: the GlobalProtect only works well with valid and/or trusted certificated stored in Keychain Access. Chrome browser may maintain private cert store itself and GlobalProtect can not find any accepted certs in Chrome cert store Chrome browser may not be allowed to maintain or update private certs stored in KeyChain Access (even though Chrome have GUI for trust self signed certs. Chrome has only a link to go to KeyChain Access aka. OS Cert Store).

So I decided to write this post and hope it helps for others having this issue (on Mac).


[1]: Links I tried and did not work:

  • https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLhxCAG 
  • https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNWDCA4 
  • https://kb.wisc.edu/wcer/page.php?id=100007  & https://www.eduhk.hk/ocio/content/faq-vpn-connection-failed-globalprotect-client-prompt-server-certificate-invalid 

No comments: