I am tyring to get to download our global protect client, usually by going to the VPN public IP address and today I am met with this, ERR_SSL_KEY_USAGE_INCOMPATIBLE. I use chrome and it is fully updated. Palo Alto is on 10.2.0-h2 because of the whole certificate thing that we had to fix by April. Is this a chrome thing?
It could be Chrome then again could be Palo Alto and how you installed the cert. Without logs from the Palo Alto (which I don’t want) I can’t really tell you. Also ensure you are using the newest GlobalProtect Client (6.2.2).
If you have Palo Alto, you should have support with them which they can guide you on fixing this. They do have something inline with your issue in the knowledge base but it’s for PAN OS 9.1. They also have something in the Live Community too for PAN OS 10.2.
Again, if you have Palo Alto you should have support and should hit them up about this.
Also, if you have a sign in with Palo Alto I would check out this URL to ensure you’re running the right version. For PAN OS 10.2 you should be running 10.2.7-h3
I’ve run into that too. I ended up using another browser to get what I needed. Chrome wants more and more items in the cert to be required rather than optional. The last one I saw was an RSA check of some sort.
I ended up doing editing windows registry with [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
“RSAKeyUsageForLocalAnchorsEnabled”=dword:00000000
I am able to access the capture portal now. But for our vendors or users that need to download global protect it’s going to a be pain to have them do this.
Just FYI, you should be on 10.2.9-H1 right about now! Open a case ticket, download your SupportTech and submit that now!