( Optional ) Client certificate | Used to enable mutual authentication when
establishing an HTTPS session between the GlobalProtect apps and
the gateways/portal. This ensures that only endpoints with valid client
certificates are able to authenticate and connect to the network. | For simplified deployment of client
certificates, configure the portal to deploy the client certificate
to the apps upon successful login using either of the following methods: Use a single client certificate across all GlobalProtect
apps that receive the same configuration. Assign the Local client
certificate by uploading the certificate to the portal, and then
selecting it in a portal agent configuration. Use simple certificate enrollment protocol ( SCEP )
to enable the GlobalProtect portal to deploy unique client certificates
to your GlobalProtect apps. Enable this by configuring a SCEP profile,
and then selecting that profile in a portal agent configuration.
Use one of the following digest algorithms when you generate
client certificates for GlobalProtect endpoints: sha1, sha256, sha384, or
sha512. You can use other mechanisms to deploy unique client certificates
to each endpoint when authenticating the end user. Consider testing your configuration without the client certificate
first, and then add the client certificate after you are sure that
all other configuration settings are correct.
|