While being annoyed about the current reboot loop dilemma on Gen7 I needed a distraction and examined what kind of DNS requests a factory reset Gen7 Appliance is doing when just running idle or only … (View Post)

@MacGyver the problem with the specific site you mentioned is, that the server is not returning the intermediate Certificate for "DigiCert TLS RSA SHA256 2020 CA1". That's a common problem … (View Post)

@lostbackups to avoid any "Common Name Mismatch Error" the CN (or SAN) has to match the Name with which you try to establish the SSL/TLS Connection. If you try to access via https://sslvpn.… (View Post)

@lostbackups same goes for NetExtender/MobileConnect, it'll complain about the cert if Server-Name does not match the CN. If you're running your own CA you can go crazy and issue a SAN certificate wi… (View Post)

Security/Encryption-wise there is no difference between a commercial and self-signed cert, just that you condition your endusers to trust any cert that'll come as invalid. It's hard enough already th… (View Post)