Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sonicwall SMA certificate issue

I am seeing below error in sma certificate section.I wants to know what is that error means. Or how can we remove that error message.


Category: Secure Mobile Access Appliances
Reply

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @Darshil

    is this certificate issued by a public CA? To do further investigation you can examine the cert/key with openssl or my preferred tool of choise XCA.

    --Michael@BWC

  • SaravananSaravanan Moderator
    edited July 2020

    @Darshil - We'll have this post moved to SECURE REMOTE ACCESS category for precise answers.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • SimonSimon Moderator
    edited July 2020

    @Darshil The error is saying the certificate is not correct. There are common fields in a certificate that identify things like the purpose of the certificate.

    The Key Usage field: This field lists the valid cryptographic uses of the certificate's public key. Basically what can the certificate's public key be used to do. Examples are digital signature validation, key encipherment, or certificate signing

    The Extended Key Usage field: This field lists the applications the certificate may be used for. Examples of the values in this field are: TLS server authentication, email protection, and code signing.

    The Subject Alternative Names for a certificate allows the association of various values with a security certificate. In the SMA this is used to add domain names to the certificate. But it can include things like email addresses.

    The most likely cause of this error is when the certificate was retrieved from the CA web site the wrong purpose certificate type was retrieved. What the SMA requires is an Apache Server certificate. If you pull a certificate set up for a different purpose you will get this error.

    To fix this, go back to the CA web site and pull your certificate again and ensure you pull the Apache Server version.

Sign In or Register to comment.