On a managed Mac with a machine certificate, when the certificate is renewed, Palo Alto GlobalProtect will prompt for administrative credentials before connecting. This is because the executable isn’t allowed to directly read from the System keychain. There’s a nice explanation and fix described on Palo Alto’s site, but in case that one goes missing,… Continue reading Trusting Palo Alto GlobalProtect to use a macOS machine certificate