06-25-2024 11:27 AM
Hi All,
I am new to this community I am here to get some help on a issue I am experiencing with my organization vpn network gp vpn server certificate is not trusted.
Here is the error screenshot.
Any help to troubleshoot this issue would be greatly appreciated 👍
Regards
Sanjib
06-26-2024 07:21 AM
I agree with @BPry if this is an existing deployment with nothing new it seems odd that this error is just randomly occurring. At face value there's 2 things going on here. Either the certificate being presented by the firewall isn't trusted by the machine that's trying to connect to the VPN (meaning you are missing at least one of the following in the local machine cert store: root, intermediate, or issuer.) Option 2 is the certificate is expired and inherently will be untrusted.
There are be other more intricate issues like @BPry mentioned with the cert name not matching the SN/SAN (subject alternative name) -- This wouldn't make sense though to "just have broken" with nothing else being changed.
06-25-2024 12:26 PM
I'm assuming that this is a new configuration and not an existing configuration. You'll either need to get a certificate that is signed by a public trusted certificate authority, an internal certificate authority trusted by your endpoints, or utilize a self-signed certificate and deploy out the certificate to your endpoints.
I don't recommend utilizing an IP for VPN personally and would recommend setting up an FQDN, but if you're going to utilize an IP it needs to be listed as a SAN for modern browsers to accept it as well. I wouldn't recommend relying solely on IP instead of a DNS entry in a production environment however.
06-26-2024 05:29 AM
Thanks for your assistance it is actually not a new configuration I am actually need some references article or documents if I can get a that will be helpful.
Regards
Sanjib
06-26-2024 07:21 AM
I agree with @BPry if this is an existing deployment with nothing new it seems odd that this error is just randomly occurring. At face value there's 2 things going on here. Either the certificate being presented by the firewall isn't trusted by the machine that's trying to connect to the VPN (meaning you are missing at least one of the following in the local machine cert store: root, intermediate, or issuer.) Option 2 is the certificate is expired and inherently will be untrusted.
There are be other more intricate issues like @BPry mentioned with the cert name not matching the SN/SAN (subject alternative name) -- This wouldn't make sense though to "just have broken" with nothing else being changed.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
