
Certificate error with SSL VPN on Mac


We have set up VPN over SSL here. With the Windows clients this all works fine: distribute the Sophos client together with the configuration file and done.

But when I use the same configuration with, for example, Tunnelblick on the Mac, I always get the message that the algorithm is too weak.

The message is below.


2021-07-08 17:31:28.148790 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=de, L=Testort, O=Testfirma, CN=Testgate,, serial=15596714891964877304
2021-07-08 17:31:28.148894 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-07-08 17:31:28.148919 TLS_ERROR: BIO read tls_read_plaintext error
2021-07-08 17:31:28.148936 TLS Error: TLS object -> incoming plaintext read error
2021-07-08 17:31:28.148951 TLS Error: TLS handshake failed

  • FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    If possible, try to regenerate the Signing CA from Remote Access > Certificate Management > Advanced. This process will regenerate the user certificates; thus, you'd have to download the new configuration for all the SSL VPN users. You probably haven't re-generated the Signing CA since the initial deployment, and all the user certificates are based on the old default settings.

    Caution! The device and all user certificates will be regenerated using the new signing CA. This will break certificate-based site-to-site and remote access VPN connections.


  • Hi Patel,

    thank you for your response.

    This option is the last I wanted to try, because we have some site-to-site connections and employees connected with VPN.
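
A small triage helper for the client log in the opening post, added here as an example (it is not part of the thread and not Sophos or Tunnelblick code). It reports which certificate in the chain the client rejected and converts the decimal serial that OpenVPN logs into the hex form that `openssl x509 -serial` prints, so the rejected certificate can be identified before deciding what to regenerate. The names `triage` and `Finding` are made up for this example.

```python
import re
from typing import NamedTuple

# Client log lines copied from the opening post of this thread.
SAMPLE_LOG = """\
2021-07-08 17:31:28.148790 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=de, L=Testort, O=Testfirma, CN=Testgate,, serial=15596714891964877304
2021-07-08 17:31:28.148894 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-07-08 17:31:28.148951 TLS Error: TLS handshake failed
"""

# OpenSSL's text for a certificate whose signature digest is below the
# security level the client enforces.
WEAK_DIGEST = "CA signature digest algorithm too weak"

VERIFY_RE = re.compile(
    r"VERIFY ERROR: depth=(?P<depth>\d+), error=(?P<error>[^:]+): "
    r"(?P<subject>.*), serial=(?P<serial>\d+)\s*$"
)

class Finding(NamedTuple):
    depth: int        # 0 = certificate presented by the server, >0 = its issuers
    role: str
    weak_digest: bool
    subject: str
    serial_hex: str   # OpenVPN logs decimal; `openssl x509 -serial` prints hex

def triage(log_text: str) -> list:
    """Return one Finding per VERIFY ERROR line in an OpenVPN client log."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue  # follow-on TLS errors carry no certificate details
        depth = int(m["depth"])
        findings.append(Finding(
            depth=depth,
            role="server certificate" if depth == 0 else f"CA at chain depth {depth}",
            weak_digest=m["error"].strip() == WEAK_DIGEST,
            subject=m["subject"].rstrip(", "),
            serial_hex=format(int(m["serial"]), "X"),
        ))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```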