We are intermittently experiencing Certificate issue while accessing some random website in Random times.
We have created Certificate in Firewall only for the purpose of Global Protect VPN and apart from that we haven't created any certificate in the firewall.
The issue is not constant, its appear to be intermittent.
From the website blocked message from the browser while issue occurs. It shows as "“NET::ERR_CERT_DATE_INVALID”. I have also checked the Date and Time configured in the firewall but there is no mismatch.
So please advice me on how to sort this issue. Awaiting for a response. Thanks in advance !!
If you aren't decrypting traffic then this message wouldn't be caused by the firewall. You would really need to look at the site in question and the certificate it's presenting to verify the the certificate isn't actually invalid.
If you are decrypting traffic that gets into another category and the firewall could be the issue, but the way you describe your certificates you have on your firewall that doesn't sound like it's the case.
Thanks for your response on this.
Yes I do agree on this, But I am wondering why the certificate issue is happening only when the traffic's are flowing through the Firewall
For Eg. If I am accessing the same website by not allowing the traffic traversing through firewall (mobile internet) it worked properly without any certificate error. So it is only happening when the traffic traversing through the Firewall. Just share your thoughts on this.
So either your firewall's time is not actually set correctly, you have a decryption profile assigned to the traffic with the action set to no-decrypt, or the firewall doesn't come into play with generate the certificate and you shouldn't be getting a difference when you move the machine from the firewall to another connection.
If the issue continues to happen, grab a copy of the certificate on the site in question and then the output of 'show system info'.
Checked the Firewall time settings was configured correctly. No decryption profile i have created for that traffic.
While I am accessing the website via Firewall i am getting a unvalid certificate but if I access the same website in another connection, the certificate is showing as valid. I dono how it is happening like that.
An error like this will also happen when your local computer time is incorrect. I would verify the local PC time when you receive this error message. Similar things happened to me when I had an errant NTP server handing out the wrong time (and date - including year).
Thanks for your response !!
I have checked the same prior but will recheck it again and let you know the status.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!