Hello9,
i'm having an issue on a customer in which we can't connect using SSL VPN AT ALL.
logs shows:
Mon Sep 14 11:16:36 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Mon Sep 14 11:16:37 2020 VERIFY OK: depth=1, C=ar, L=Esquel, O=ttttt "name" Ltda., CN=ttttt "name" Ltda. VPN CA, emailAddress=sssssssssss Mon Sep 14 11:16:37 2020 VERIFY X509NAME ERROR: C=ar, L=Esquel, O=ttttt "name" Ltda., CN=firewall, emailAddress=sssssssss, must be C=ar, L=Esquel, O=ttttt Mon Sep 14 11:16:37 2020 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Mon Sep 14 11:16:37 2020 TLS Error: TLS object -> incoming plaintext read error Mon Sep 14 11:16:37 2020 TLS Error: TLS handshake failed
I'm baffled as to why this is occuring, test i've done which all fail the same way:
- Using IP address of one of the WAN interfaces on the "override hostname"
- Regenerating the local certificate authority
- using different WAN links to not share the port with user portal
- Using a public hostname
¿Could it be that since the company name has quotes in it that's breaking the verification? because the VERIFY X509NAME ERROR line in the log is truncated JUST before the first quote after the O= value
UTM is running 9.703, it's configured with a nonpublic system hostname as "hostname".
This thread was automatically locked due to age.
