Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 42 subscribers
  • Views 3104 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG : NET::ERR_CERT_COMMON_NAME_INVALID

Neil Wilkinson

HI all, 

Hoping you can help. 

Recently an external website we access has been updated and hosted elsewhere. Following the move we now get the following error but only when connecting via the VPN (Remote access).  We can browse to the site without issue without using the VPN connection. Its a HTTPS site.

Error is : NET::ERR_CERT_COMMON_NAME_INVALID 

Now in my limited knowledge and with some basic searching this seems to point to some sort of issue with the Cert for the site but would that then not be an issue in general not just for when we connect the VPN?

I have attempted to add the website as an exception just for testing but the issue remains. 

Any suggestions on how to resolve this or things to check in the firewall would be gratefully received. 

Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Neil,

    I guess you are using some a webproxy or HTTPS inspection when coming/going through the VPN. Then this involves the certificate form the proxyserver itself. You should deploy the CA of this cert to your vpn clients.

    Best thing would be a screenshot of the errormessage with the cert detail infos.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to PhilippRusch

    Morning Phillip, 

    Thanks for coming back to me. 

    I believe I have attached the screenshots below that you requested but please let me know if you need something else.

    The error I get now has changed to be bottom image, however this website can still be accessed fine external to our network. 

    Cert Details?

    Web Site Error

    Web Proxy setup? (Note ports 21 and 70 also listed just out of view).

    Thanks again.

  • 0 in reply to Neil Wilkinson

    Hello,

    I have tried opening the website at my end and receiving the same output. I suggest raising the support case to investigate.

    Mayur Makvana
    Technical Account Manager | Global Customer Experience
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question please use the 'Verify Answer' button.

Reply Children
No Data
Unfiltered HTML