Certificate issue for Random website on Random Times


L3 Networker

Hi Team,

 

We are intermittently experiencing a certificate issue while accessing some random websites at random times.

We have created a certificate on the firewall only for the purpose of GlobalProtect VPN, and apart from that we haven't created any certificate on the firewall.

The issue is not constant; it appears to be intermittent.

When the issue occurs, the browser's blocked-page message shows "NET::ERR_CERT_DATE_INVALID". I have also checked the date and time configured on the firewall, but there is no mismatch.

So please advise me on how to sort out this issue. Awaiting a response. Thanks in advance!

 

Best Regards,

Sahul Hameed

7 REPLIES

Cyber Elite

@SahulH,

If you aren't decrypting traffic then this message wouldn't be caused by the firewall. You would really need to look at the site in question and the certificate it's presenting to verify the certificate isn't actually invalid.

If you are decrypting traffic, that gets into another category and the firewall could be the issue, but from the way you describe the certificates you have on your firewall, that doesn't sound like it's the case.

@BPry 

 

Thanks for your response on this.

 

Yes, I do agree on this, but I am wondering why the certificate issue happens only when the traffic is flowing through the firewall.

For example, if I access the same website without the traffic traversing the firewall (mobile internet), it works properly without any certificate error. So it only happens when the traffic traverses the firewall. Just share your thoughts on this.

 

Best Regards,

Sahul Hameed

@SahulH ,

So either your firewall's time is not actually set correctly, you have a decryption profile assigned to the traffic with the action set to no-decrypt, or the firewall doesn't come into play with generating the certificate and you shouldn't be getting a difference when you move the machine from the firewall to another connection.

If the issue continues to happen, grab a copy of the certificate on the site in question and then the output of 'show system info'. 

@BPry 

I checked that the firewall time settings were configured correctly. I have not created any decryption profile for that traffic.

When I access the website via the firewall I get an invalid certificate, but if I access the same website on another connection, the certificate shows as valid. I don't know how that is happening.

 

Best Regards,

Sahul Hameed

An error like this will also happen when your local computer time is incorrect.  I would verify the local PC time when you receive this error message.  Similar things happened to me when I had an errant NTP server handing out the wrong time (and date - including year).  

@jvalentine

 

Thanks for your response !!

 

I have checked the same prior but will recheck it again and let you know the status. 

 

Best Regards,

Sahul Hameed 

@SahulH Did you resolve this intermittent issue? I am experiencing something very similar.
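The checks suggested in the replies above (compare the certificate presented on each path, and compare the PC clock against a correct one), written out as an added Python example that is not part of the original thread. The certificate dicts are constructed samples in `ssl.getpeercert()` form, and `diagnose`, its finding labels and the 300-second skew tolerance are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

UTC = timezone.utc
# Constructed sample certificates in ssl.getpeercert() dict form (not real data).
CERT_SITE = {"serialNumber": "0A01", "notBefore": "Jan  1 00:00:00 2024 GMT",
             "notAfter": "Jan  1 00:00:00 2025 GMT",
             "issuer": ((("commonName", "Example Public CA"),),)}
CERT_RESIGNED = {"serialNumber": "7F22", "notBefore": "Mar  1 00:00:00 2023 GMT",
                 "notAfter": "Mar  1 00:00:00 2024 GMT",
                 "issuer": ((("commonName", "Example Internal CA"),),)}

def _issuer_cn(cert):
    # Names are tuples of RDNs; each RDN is a tuple of (attribute, value) pairs.
    return next((v for rdn in cert["issuer"] for k, v in rdn if k == "commonName"), None)

def _valid_at(cert, when):
    # True if 'when' (timezone-aware datetime) lies inside the validity window.
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= when.timestamp() <= end

def diagnose(cert_fw, cert_other, local_now, reference_now, max_skew=300):
    """Return findings for a date error seen only on the firewall path.
    local_now: clock of the PC showing the error; reference_now: a trusted clock."""
    findings = []
    if abs((local_now - reference_now).total_seconds()) > max_skew:
        findings.append("local-clock-skew")
    if not _valid_at(cert_fw, reference_now):
        findings.append("cert-dates-invalid")
    elif not _valid_at(cert_fw, local_now):
        findings.append("cert-valid-but-local-clock-rejects-it")
    # The same site should present the same certificate on both paths unless
    # something on the firewall path is generating its own.
    same = (cert_fw["serialNumber"], _issuer_cn(cert_fw)) == \
           (cert_other["serialNumber"], _issuer_cn(cert_other))
    if not same:
        findings.append("different-cert-on-firewall-path")
    return findings

if __name__ == "__main__":
    ref = datetime(2024, 6, 1, tzinfo=UTC)
    print(diagnose(CERT_SITE, CERT_SITE, datetime(2030, 6, 1, tzinfo=UTC), ref))
    print(diagnose(CERT_RESIGNED, CERT_SITE, ref, ref))
```

Because the error is intermittent, the inputs need to be captured at the moment the browser shows it, not afterwards.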
