Self-Signed Certificates
—You can generate a self-signed CA certificate on the portal and
use it to issue certificates for all the GlobalProtect components. However, this
solution is not recommended since it's less secure than the other options. If
you do choose this option, end users will see a certificate error the first time
they connect to the portal. To prevent this, you can deploy the self-signed root
CA certificate to all endpoints manually or using some sort of centralized
deployment, such as an Active Directory Group Policy Object (GPO).