17th March 2020

GlobalProtect + Client Certificate

Setup the client certificate deployment by following this guide : https://www.virtuallyboring.com/setup-microsoft-active-directory-certificate-services-ad-cs/

Start of by exporting the CA certificate:

Install the certificate on you Palo Alto Firewall:

the certificate should look something like this:

Create a Certificate profile:

Add this profile to your Authentication settings on the GlobalProtect gateway:

Now you can access your globalprotect vpn with the required client certificate.

If you get disconnected right away you can check the debug logs undre Troubleshooting, look for this message:

indicating the client certificate is not correct or missing