Deploy Shared Client Certificates for Authentication
To confirm that an endpoint user belongs to
your organization, you can use the same client certificate for all
endpoints or generate separate certificates to deploy with a particular
agent configuration. Use this workflow to issue self-signed client
certificates and deploy them from the portal.
If you
include a client certificate in the portal configuration for mobile
devices, you can only use client certificate authentication in the
gateway configuration because the client certificate passphrase
is saved in the portal configuration. Additionally, the client certificate
can only be used after the certificate is retrieved from the portal
configuration.
Generate a certificate to deploy to multiple GlobalProtect endpoints.
to identify
this certificate as an app certificate (for example,
GP_Windows_App
).
Because this certificate will be deployed to all apps using the
same agent configuration, it does not need to uniquely identify
a specific user or endpoint.
Configure authentication settings in a GlobalProtect portal
agent configuration to enable the portal to transparently deploy
the client certificate, which is
Local
to
the firewall, to apps that receive the configuration.