Authenticating to GlobalProtect using Certificates on macOS
Context
During the early stages of the GlobalProtect (GP) VPN Beta users may not have been able to authenticate using their MIT Certificates. This article will outline how to manually edit your personal certificate in Keychain to resolve that issue.
The following directions may not resolve issues on macOS 11.x.y, also known as Big Sur. We will look to find a resolution and update this article. |
Prerequisites
Please have updated Certificates using CertAid prior to continuing: CertAid 2.2.6 for MacOS
Problem
When attempting to connect to GP using your certificates you will be met with this error.
Solution
- Search for Keychain on Spotlight, and click on the icon to open it
- On the left-hand side, click on login and My Certificates
- Single-click on your certificate, make sure it states Issued by: Massachusetts Institute of Technology
- On the menu bar at the top of the screen, select File > New Identity Preference
- Enter below as typed
https://idp.mit.edu:446/
Note: macOS 12 (Monterey) or later requires the location be entered as a wildcard domain.*.mit.edu
- Quit the Keychain Access app
Confirm
- Click on GP icon on the task-bar, click Connect
- Click on Use Certificate, this should prompt macOS to request your local password, once typed click Always Allow
Result: You should now be connected to GP VPN.