Certificate issue for Random website on Random Times

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Certificate issue for Random website on Random Times

L3 Networker

Hi Team,

 

We are intermittently experiencing Certificate issue while accessing some random website in Random times.

We have created Certificate in Firewall only for the purpose of Global Protect VPN and apart from that we haven't created any certificate in the firewall. 

 

The issue is not constant, its appear to be intermittent. 

 

From the website blocked message from the browser while issue occurs. It shows as "“NET::ERR_CERT_DATE_INVALID”. I have also checked the Date and Time configured in the firewall but there is no mismatch.

 

So please advice me on how to sort this issue. Awaiting for a response. Thanks in advance !!

 

Best Regards,

Sahul Hameed

7 REPLIES 7

Cyber Elite
Cyber Elite

@SahulH,

If you aren't decrypting traffic then this message wouldn't be caused by the firewall. You would really need to look at the site in question and the certificate it's presenting to verify the the certificate isn't actually invalid. 

If you are decrypting traffic that gets into another category and the firewall could be the issue, but the way you describe your certificates you have on your firewall that doesn't sound like it's the case. 

@BPry 

 

Thanks for your response on this.

 

Yes I do agree on this, But I am wondering why the certificate issue is happening only when the traffic's are flowing through the Firewall 

 

For Eg. If I am accessing the same website by not allowing the traffic traversing through firewall (mobile internet) it worked properly without any certificate error. So it is only happening when the traffic traversing through the Firewall. Just share your thoughts on this.

 

Best Regards,

Sahul Hameed

@SahulH ,

So either your firewall's time is not actually set correctly, you have a decryption profile assigned to the traffic with the action set to no-decrypt, or the firewall doesn't come into play with generate the certificate and you shouldn't be getting a difference when you move the machine from the firewall to another connection. 

If the issue continues to happen, grab a copy of the certificate on the site in question and then the output of 'show system info'. 

@BPry 

Checked the Firewall time settings was configured correctly. No decryption profile i have created for that traffic. 

While I am accessing the website via Firewall i am getting a unvalid certificate but if I access the same website in another connection, the certificate is showing as valid. I dono how it is happening like that.

 

Best Regards,

Sahul Hameed

An error like this will also happen when your local computer time is incorrect.  I would verify the local PC time when you receive this error message.  Similar things happened to me when I had an errant NTP server handing out the wrong time (and date - including year).  

@jvalentine

 

Thanks for your response !!

 

I have checked the same prior but will recheck it again and let you know the status. 

 

Best Regards,

Sahul Hameed 

@SahulH Did you resolve this intermittent issue? I am experiencing something very similar.

  • 5899 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!