Access Keys:
Skip to content (Access Key - 0)

Authenticating to GlobalProtect using Certificates on macOS

Context

During the early stages of the GlobalProtect (GP) VPN Beta users may not have been able to authenticate using their MIT Certificates. This article will outline how to manually edit your personal certificate in Keychain to resolve that issue.

The following directions may not resolve issues on macOS 11.x.y, also known as Big Sur. We will look to find a resolution and update this article.

Prerequisites

Please have updated Certificates using CertAid prior to continuing: CertAid 2.2.6 for MacOS

Problem

When attempting to connect to GP using your certificates you will be met with this error.

Solution

  1. Search for Keychain on Spotlight, and click on the icon to open it
  2. On the left-hand side, click on login and My Certificates
  3. Single-click on your certificate, make sure it states Issued by: Massachusetts Institute of Technology
  4. On the menu bar at the top of the screen, select File > New Identity Preference
  5. Enter below as typed

    https://idp.mit.edu:446/



    Note: macOS 12 (Monterey) or later requires the location be entered as a wildcard domain.

    *.mit.edu



  6. Quit the Keychain Access app

Confirm

  1. Click on GP icon on the task-bar, click Connect
  2. Click on Use Certificate, this should prompt macOS to request your local password, once typed click Always Allow

    Result: You should now be connected to GP VPN.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

September 28, 2023

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
globalprotect globalprotect Delete
macos macos Delete
certificate certificate Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki