Replacing/Uploading Certificates
  • 24 May 2022
  • Dark
    Light

Replacing/Uploading Certificates

  • Dark
    Light


File Upload Issue
If you encounter an error when attempting to upload files through Panorama, please open an SMC ticket with the OSC for assistance.

Overview

By default, Expedient configures GlobalProtect utilizing the expedient.com wildcard certificate. If preferred, a client can substitute the expedient.com wildcard with their own certificate. If a client chooses to use a non-Expedient managed certificate, it is the client's responsibility to manage that certificate. While Expedient may not manage the certificate., Expedient provides this documentation to assist clients with getting started on uploading and renewing their own certificates.

Prerequisites

The steps described in this document assume that the firewall hosting GlobalProtect has had the GlobalProtect Gateway & Portal configuration sections completed.

Process

You can use the following process to upload a first-time certificate or replace an existing one.

1. Navigate to primary node firewall UI after successfully authenticating into fw.expedient.cloud.

2. Select Device > Certificate Management > Certificates > Device Certificates > Import

3. Import the appropriate certificate/key. In our example, we're importing the expedient.cloud certificate.

"Block Private Key Export" must be selected when configuring the certificate.

4. Create an SSL/TLS service profile using the certificate you've imported. Select Device > Certificate Management > SSL/TLS Service Profile > Add

"TLSv1.2" must be selected when configuring the certificate & SSL/TLS profile.

5. Apply service profile to GlobalProtect gateway. Select Network > GlobalProtect > Gateways > Click link for gateway > Authentication > Select appropriate SSL/TLS profile from Server Authentication drop-down > Click OK

6. Apply service profile to GlobalProtect portal. Select Network > GlobalProtect > Portals > Click link for portal > Authentication > Select appropriate SSL/TLS profile from Server Authentication drop-down > Click OK

7. Perform a firewall Commit operation to commit your changes.



Was this article helpful?