Certificate Renewal for ADEM before June 3, 2022
Table of Contents
Expand all | Collapse all
- Products That Use Autonomous DEM
- View App Acceleration Metrics with AI-Powered ADEM
- ADEM Data Collection and Agent Processes
Certificate Renewal for ADEM before June 3, 2022
Renew the certificates for GlobalProtect App Log Collection and ADEM,
before
June 3, 2022. Where Can I Use This? | What Do I Need? |
---|---|
|
|
The certificates and the chain used for GlobalProtect App Log Collection and ADEM
expire on June 3, 2022. If you are a current ADEM customer, be sure to renew the
certificates for GlobalProtect App Log Collection and ADEM,
after
April 20,
2022 but before
June 3, 2022. The updated certificate will be available for
renewal starting on April 20th, 2022.If you renew the certificates on or before April 20, 2022, you will get the old certificates
which will expire on June 3, 2022. If you do not renew the certificates before June 3,
2022, once the certificate expires, new and existing clients will not be able to connect
to ADEM and the GlobalProtect app Log Collection service.
Also, if you deploy new ADEM endpoints, make sure that you are
running GlobalProtect client version 5.2.11 or later in order to
continue to successfully register new clients on ADEM portal. If
you already have ADEM or App Log Collection rolled out on an earlier
version of GlobalProtect you will be able to renew the certificate
without changing the version of your current GlobalProtect clients.
What you need to do:
New ADEM customers starting April 20, 2022-
Upgrade GlobalProtect
to 5.2.11 to successfully deploy ADEM.Existing ADEM customers looking to roll out ADEM on new endpoints
starting April 20, 2022-
Upgrade GlobalProtect to 5.2.11 and
renew certificate to successfully deploy ADEM.Existing ADEM customers with ADEM already deployed on their endpoints -
ADEM endpoints
will automatically be upgraded once already connected to ADEM, however renew the
certificate before expiry.The GlobalProtect 5.2.11 requirements are for ADEM functionality
only for new ADEM endpoint deployments starting April 20, 2022.
App Log Collection functionality doesn’t have the newer GlobalProtect
client version requirement with the renewal of the certificate.
To renew the certificates follow these steps:
On Panorama:
- On Panorama, selectCloud ServicesConfiguration
- Under theGlobalProtect App Log Collection and, section, clickAutonomous DEMGenerate Certificate for GlobalProtect App Log Collection and Autonomous DEMto renew the certificate.
- After the new certificate is generated, the administrator must push the new certificate under. The newly generated certificate overwrites the old certificate. Hence, the certificate name (globalprotect_app_log_cert) does not change. The new certificate gets pushed to the GlobalProtect app when the portal configuration is refreshed either manually by the end user or during the default portal configuration refresh interval (which is 24 hours by default unless changed by the admin). First time ADEM endpoint deployments will be able to successfully register to ADEM service only if they upgrade to the new version of GlobalPotect 5.2.11. Existing ADEM endpoints that are already connected to ADEM Cloud Service will be auto-upgraded with the latest ADEM endpoint version and need not migrate to GlobalProtect 5.2.11.PortalAgentConfigsClient Certificate
On Cloud Managed Prisma Access:
- In the Prisma Access App, navigate toConfigurationObjectsCertificate ManagementSharedGP_Log_Certificate
- Once the new certificate is generated, the administrator must push the new changes by going toand selectPush ConfigPushMobile UsersGlobalProtectPush. The new certificate gets pushed to the GlobalProtect app when the portal configuration is refreshed either manually (by the end user) or during the default portal configuration refresh interval (which is 24 hours by default unless changed by the admin). First time ADEM endpoint deployments will be able to successfully register to ADEM service only if they upgrade to the new version of GlobalProtect 5.2.11. Existing ADEM endpoints that are already connected to ADEM Cloud Service will be auto-upgraded with the latest ADEM endpoint version and need not migrate to GlobalProtect 5.2.11.