Certificate Renewal for ADEM before June 3, 2022
Table of Contents
Expand all | Collapse all
- Autonomous DEM
- Products That Use Autonomous DEM
- Set up an Autonomous DEM Application Test
- ADEM Data Collection and Agent Processes
Certificate Renewal for ADEM before June 3, 2022
The certificates and the chain used for
GlobalProtect App Log Collection and ADEM expire on June 3, 2022.
If you are a current ADEM customer, please be sure to renew the
certificates for GlobalProtect App Log Collection and ADEM,
after
April
20, 2022 but before
June 3, 2022. The updated certificate
will be available for renewal starting on April 20th, 2022.If you renew the certificates on or before April 20, 2022, you
will get the old certificates which will expire on June 3, 2022.
If you do not renew the certificates before June 3, 2022, once the
certificate expires, new and existing clients will not be able to
connect to ADEM and the GlobalProtect App Log Collection service.
Also, if you deploy new ADEM endpoints, make sure that you are
running GlobalProtect client version 5.2.11 or later in order to
continue to successfully register new clients on ADEM portal. If
you already have ADEM or App Log Collection rolled out on an earlier
version of GlobalProtect you will be able to renew the certificate
without changing the version of your current GlobalProtect clients.
What you need to do:
New ADEM customers starting April 20, 2022-
Upgrade GlobalProtect
to 5.2.11 to successfully deploy ADEM.Existing ADEM customers looking to roll out ADEM on new endpoints
starting April 20, 2022-
Upgrade GlobalProtect to 5.2.11 and
renew certificate to successfully deploy ADEM.Existing ADEM customers with ADEM already deployed on their
endpoints -
ADEM endpoints will automatically be upgraded once
already connected to ADEM, however please renew the certificate
before expiry.The GlobalProtect 5.2.11 requirements are for ADEM functionality
only for new ADEM endpoint deployments starting April 20, 2022.
App Log Collection functionality doesn’t have the newer GlobalProtect
client version requirement with the renewal of the certificate.
To renew the certificates follow these steps:
On Panorama:
- On Panorama, selectCloud ServicesConfiguration
- Under theGlobalProtect App Log Collection and Autonomous DEM, section, clickGenerate Certificate for GlobalProtect App Log Collection and Autonomous DEMto renew the certificate.
- After the new certificate is generated, the administrator must push the new certificate under. The newly generated certificate overwrites the old certificate. Hence, the certificate name (globalprotect_app_log_cert) does not change. The new certificate gets pushed to the GlobalProtect app when the portal configuration is refreshed either manually by the end user or during the default portal configuration refresh interval (which is 24 hours by default unless changed by the admin). First time ADEM endpoint deployments will be able to successfully register to ADEM service only if they upgrade to the new version of GlobalPotect 5.2.11. Existing ADEM endpoints that are already connected to ADEM Cloud Service will be auto-upgraded with the latest ADEM endpoint version and need not migrate to GlobalProtect 5.2.11.PortalAgentConfigsClient Certificate
On Cloud Managed Prisma Access:
- In the Prisma Access App, navigate toConfigurationObjectsCertificate ManagementSharedGP_Log_Certificate
- Once the new certificate is generated, the administrator must push the new changes by going toand selectPush ConfigPushMobile UsersGlobalProtectPush. The new certificate gets pushed to the GlobalProtect app when the portal configuration is refreshed either manually (by the end user) or during the default portal configuration refresh interval (which is 24 hours by default unless changed by the admin). First time ADEM endpoint deployments will be able to successfully register to ADEM service only if they upgrade to the new version of GlobalProtect 5.2.11. Existing ADEM endpoints that are already connected to ADEM Cloud Service will be auto-upgraded with the latest ADEM endpoint version and need not migrate to GlobalProtect 5.2.11.