Self-Signed Certificates
—You can generate a self-signed
CA certificate on the portal and use it to issue certificates for
all of the GlobalProtect components. However, this solution is less
secure than the other options and is therefore not recommended.
If you do choose this option, end users will see a certificate error
the first time they connect to the portal. To prevent this, you
can deploy the self-signed root CA certificate to all endpoints
manually or using some sort of centralized deployment, such as an Active
Directory Group Policy Object (GPO).