Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote Access VPN - IPSEC with Certificate - connection export .scx file invalid - SFOS 19.5

Remote Access VPN IPSEC with Authentication type certificate does still lead to invalid connection .scx file on SFOS 19.5.0 GA-Build197, SFOS 19.5.1 MR-1-Build278 and SFOS 19.5.2 MR-2-Build624 if the "Organization name" in the Certificate does contain Whitespaces.

There are some Bug Reports like NC-85383 and NC-95633 whitch are listed as "resoled issues" at the release notes:

Looks like the same Problem is reported for older Firmware Versions:  IPSEC Remote Access .scx file invalid 

CA Settings

No "German" Umlaute / "Special" Characters but Whitespaces in Company Name Organization Name.

Certificate Settings

Content of xxx.scx:

cannot open file /tmp/root_cert.txt at /scripts/vpn/ipsec/ line 331.

Distinguished name:

/C=DE/ST=NRW/L=City/O=The Example GmbH/OU=IT/


It does still happen on 19.5-MR2.

This thread was automatically locked due to age.
  • Update from the team on this - 

    The issuer and subject field is same for the client certificate. Only Root CA will have the issuer and subject fields same. Whenever certs are generated using Default.pem as the root CA we should ensure that the subject fields are not same. This is the reason they are seeing this issue and when they remove the space it goes away. For now they can change this. But to handle this kind of issues in future, we should block the user from creating these certs with the same fields that matches issuer’s in the UI.

  • Thanks for the Update.

    Change the CA Subject to be slightly different from the Remote Access Certificate, and now the Config export is ok.

    I agree, this Issue should be prevented.

    Will there be a Issue ID?

  • Thanks. WE will create one for the future release.