Certificate working for HTTPS management but not for SSL VPN
JimAllenSW
Newbie ✭
in SSL VPN
I have a real wildcard public cert installed on a NSA 5600 firewall. The cert works fine for HTTPS management. But it does not work when using Netextender as an SSL VPN client. I do have the same public certificate chosen on the certificate selection section within the SSL VPN Server Settings.
On Netextender I get
"errror: unable to verify client certificate"
It is a wildcard cert, not sure if that matters. Again , the same cert is valid when doing HTTPS GUI management on sme firewall. Has anyone run across this before?
Category: SSL VPN
0
Answers
@JimAllenSW IMHO the Certificate should work for both, but the Error Message tricks me to think it's something else.
Do you have Client Certificate Check enabled on the Manage -> System Setup -> Appliance -> Base Settings page? Do you work with Client Certificates, which is IMHO not supported on Firewalls?
If it's not Client Certificate related, contrary to the error message, to you have the complete Certificate Chain imported with the Certificate?
--Michael@BWC
@BWC Good questions. We do not have Client Certificates enabled, nor do we use them. Yes, it is a GO Daddy Cert and the complete chain was imported.
@JimAllenSW did you checked with a Tool (DigiCert, SSL Labs, ...) that the Cert/Chain provided from the Appliance is correct? You can do this by your own with openssl or testssl as well if you're familar with it.
This "Client Certificate" still bothers me.
Update: If you try a self signed cert for SSL VPN, does this error still comes up. Just to root things out if it's Certificate or Appliance related.
--Michael@BWC