Hello Guys,
I understand that so that the certificates who are generated by the PAN and these are renewed,the way they are installed and distributed transparently, the option "Install in local root certificate store" is enabled within the Global Protect configuration.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PN5MCAW
But this costumer has the particularity that the certificates that have been installed manually must have a password added for it to be installed.
Under this condition, does this same process apply?
Best Regards.
The "install in local root certificate store" option is intended to distribute CA certificates so the client will be able to trust any internally/self created certificates used in the authentication/verification process It is not intended to redistribute client certificates for which a private key is required, those need to be installed manually or through a central management system