Palo Alto Failed To Fetch Device Certificate Tpm Public Key Match Failed -

: There is a documented issue where a mismatch between the certificate on the device and the CSP portal requires a backend fix from Palo Alto support.

On the Palo Alto firewall, the or Portal configuration under Network > GlobalProtect > Gateways may have the "Client Authentication" method set to "Require device certificate" but the Certificate Profile points to a CA that does not match the client’s TPM-backed certificate. Additionally, if "Use hardware certificate (TPM)" is enforced but the client’s TPM lacks a valid key, the error surfaces. : There is a documented issue where a