
SSL VPN issue

Hello,

I have an issue with the VPN connection; I got a (TLS handshake failed) error!

Please review the logs below:

Sun Mar 21 11:41:55 2021 TLS: Initial packet from [AF_INET]196.219.26.250:8443, sid=216d22bd ccebd945
Sun Mar 21 11:41:55 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Mar 21 11:41:56 2021 VERIFY OK: depth=1, C=EG, ST=Egypt, L=Giza, O=QES, OU=OU, CN=Sophos_CA_C1A0A48GGC483FE, emailAddress=aothman@qe-software.com
Sun Mar 21 11:41:56 2021 VERIFY ERROR: depth=0, error=certificate has expired: C=EG, ST=Egypt, L=Giza, O=QES, OU=OU, CN=VPN, emailAddress=aothman@qe-software.com
Sun Mar 21 11:41:56 2021 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sun Mar 21 11:41:56 2021 TLS Error: TLS object -> incoming plaintext read error
Sun Mar 21 11:41:56 2021 TLS Error: TLS handshake failed
Sun Mar 21 11:41:56 2021 SIGUSR1[soft,tls-error] received, process restarting
Sun Mar 21 11:41:56 2021 MANAGEMENT: >STATE:1616319716,RECONNECTING,tls-error,,,,,
Sun Mar 21 11:41:56 2021 Restart pause, 2 second(s)
Sun Mar 21 11:41:58 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Mar 21 11:41:58 2021 UDPv4 link local: [undef]
Sun Mar 21 11:41:58 2021 UDPv4 link remote: [AF_INET]192.168.0.254:8443
Sun Mar 21 11:41:58 2021 MANAGEMENT: >STATE:1616319718,WAIT,,,,,,

As per my search on the community, the issue may result from the certificate name.

How could I change it, please?



  • FormerMember
    0 FormerMember

    Hi, Thank you for reaching out to Sophos Community.

    You can always create a new self-signed certificate and use it with the SSL VPN.

    --> After performing these steps, all the users will have to re-download the configuration file from the User Portal, as the certificate will be changed.

    To create a self-signed cert, navigate to Remote Access > Certificate Management > Generate.

    After creating the certificate, navigate to Remote Access > SSL > Advanced > Server Certificate. Here you can select the self-signed certificate which you have created.
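
Added example (not part of the original thread, and not Sophos or OpenVPN code): a small Python parser for the OpenVPN VERIFY lines in the log above, reporting which certificate in the chain failed and the reason the client logged. The function names are hypothetical; the sample lines are copied from the question.

```python
import re

# Log lines copied from the question above (OpenVPN client output).
SAMPLE_LOG = """\
Sun Mar 21 11:41:56 2021 VERIFY OK: depth=1, C=EG, ST=Egypt, L=Giza, O=QES, OU=OU, CN=Sophos_CA_C1A0A48GGC483FE, emailAddress=aothman@qe-software.com
Sun Mar 21 11:41:56 2021 VERIFY ERROR: depth=0, error=certificate has expired: C=EG, ST=Egypt, L=Giza, O=QES, OU=OU, CN=VPN, emailAddress=aothman@qe-software.com
Sun Mar 21 11:41:56 2021 TLS Error: TLS handshake failed
"""

# "VERIFY OK: depth=N, <subject>" or "VERIFY ERROR: depth=N, error=<reason>: <subject>"
VERIFY_RE = re.compile(
    r"VERIFY (?P<status>OK|ERROR): depth=(?P<depth>\d+), "
    r"(?:error=(?P<error>[^:]+): )?(?P<subject>.+)$"
)


def parse_verify(log):
    """Return one dict per VERIFY line: status, chain depth, error text, subject CN."""
    results = []
    for line in log.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue  # not a certificate verification line
        cn = re.search(r"CN=([^,]+)", m["subject"])
        results.append({
            "status": m["status"],
            "depth": int(m["depth"]),
            "error": m["error"],  # None on VERIFY OK lines
            "cn": cn.group(1) if cn else None,
        })
    return results


def diagnose(log):
    """Describe the first certificate that failed verification, if any."""
    for v in parse_verify(log):
        if v["status"] == "ERROR":
            # depth=0 is the certificate the server presented; higher depths are its issuers.
            role = ("server (leaf) certificate" if v["depth"] == 0
                    else f"CA certificate at depth {v['depth']}")
            return f"{role} CN={v['cn']}: {v['error']}"
    return "no certificate verification error found"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```
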