SSL VPN - VERIFY ERROR: depth=1, error=certificate is not yet valid

On a brand new XG86 I can't get SSL VPN to work.

I still got errors during connect:

Sat Dec 07 09:04:47 2019 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=PL, ST=Zachodniopomorskie, L=Szczecin, O=Company Name, OU=OU, CN=Sophos_CA_C0A0B7J9VQCVC79, emailAddress=kontakt@domain.pl
Sat Dec 07 09:04:47 2019 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sat Dec 07 09:04:47 2019 TLS_ERROR: BIO read tls_read_plaintext error
Sat Dec 07 09:04:47 2019 TLS Error: TLS object -> incoming plaintext read error
Sat Dec 07 09:04:47 2019 TLS Error: TLS handshake failed
Sat Dec 07 09:04:47 2019 SIGUSR1[soft,tls-error] received, process restarting
Sat Dec 07 09:04:47 2019 MANAGEMENT: >STATE:1575705887,RECONNECTING,tls-error,,,,,

 

I've read some articles about this problem. I've found two solutions:
1. Set up a proper date/time.
2. Recreate the appliance certificate.

None of them worked for me. I still got the same issue. Have you got any suggestions?
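
An added triage example, not part of the original thread and not Sophos or OpenVPN code: it reads the failing chain depth and subject from the VERIFY ERROR line and the client's Unix time from the MANAGEMENT >STATE line, then compares that clock with the CA certificate's notBefore. The log sample, the notBefore value and the helper name `triage` are constructed for illustration; the notBefore string is assumed to come from `openssl x509 -noout -startdate` run on the CA certificate in the client configuration.

```python
import re
import ssl

# Constructed sample in the format of the client log quoted above.
SAMPLE_LOG = """\
Sat Dec 07 09:04:47 2019 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=PL, O=Company Name, CN=Sophos_CA_EXAMPLE
Sat Dec 07 09:04:47 2019 TLS Error: TLS handshake failed
Sat Dec 07 09:04:47 2019 MANAGEMENT: >STATE:1575705887,RECONNECTING,tls-error,,,,,
"""

# Constructed value, in the "notBefore" format printed by openssl (always GMT).
SAMPLE_CA_NOT_BEFORE = "Dec  7 16:04:47 2019 GMT"

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.+)$")
STATE_RE = re.compile(r"MANAGEMENT: >STATE:(\d+),")


def triage(log_text, ca_not_before):
    """Report which certificate in the chain failed and how many seconds
    the client clock is behind that certificate's notBefore."""
    result = {}
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if m:
            depth = int(m.group(1))
            result["depth"] = depth
            result["error"] = m.group(2)
            result["subject"] = m.group(3)
            # depth 0 is the certificate the server presented;
            # depth 1 and above are the CAs that issued it.
            result["failed_cert"] = (
                "server certificate" if depth == 0 else "issuing CA"
            )
        m = STATE_RE.search(line)
        if m:
            # First STATE field is the client's own clock as Unix time (UTC).
            result["client_epoch"] = int(m.group(1))
    if "client_epoch" in result:
        not_before = ssl.cert_time_to_seconds(ca_not_before)
        # Positive: the client clock is earlier than notBefore, which is
        # exactly the "certificate is not yet valid" condition.
        result["seconds_until_valid"] = not_before - result["client_epoch"]
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, SAMPLE_CA_NOT_BEFORE).items():
        print(f"{key}: {value}")
```

A positive `seconds_until_valid` means the client clock is earlier than the CA's start of validity, so the clock of the client or of the appliance that generated the CA is the thing to check.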



  • FormerMember
    +1 FormerMember

    Hi Łukasz Olszowy,

    I recently worked on an issue like yours, and in my case only one user reported this problem. In the SSLVPN logs the TLS handshake was failing, and the reason for that could be the user certificate being malformed during the installation/download process of the client configuration. If this issue is noticed by only one user, then find that user's certificate on the XG firewall and delete it. Now log in to the UserPortal and re-download the client configuration; this process will re-generate the user certificate on the firewall.

    Thanks,
