Random CA in client SSL VPN configuration file?

In the downloaded SSL VPN client configuration file, the SSL VPN CA is attached at the beginning of the file. In my world it should be the CA which has signed the SSL VPN server cert configured in the UTM. But it is not! I have two UTMs: on the first one, the CA is one of my uploaded CAs (without the private key), and on the other one it is the CA used in the reverse web proxy server. Neither of them is the CA for the SSL VPN server cert. The CA for the SSL VPN server cert is uploaded (with private key).

In later versions of Sophos Connect, the connection fails if the provided CA is wrong in the client configuration file.

Solution: Export the correct CA as plain text. Replace the CA with the correct CA in the client config file. You can remove all CA metadata after the row "Certificate:" in the CA section, since the metadata is not necessary to make a successful connection.



This thread was automatically locked due to age.
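An added example, not part of the original post or any Sophos tooling: a check that the CA embedded in a client config is the exported correct CA, followed by the replacement the solution describes, with the text metadata dropped and only the PEM armor kept. It assumes an OpenVPN-style config with an inline `<ca>` block; the function names, hostname and certificate bytes are constructed placeholders, and it compares fingerprints only, without validating the chain to the server cert.

```python
import base64
import hashlib
import re

CA_BLOCK = re.compile(r"<ca>(.*?)</ca>", re.DOTALL)
PEM = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def pem_fingerprints(text):
    """SHA-256 of the DER bytes of each PEM certificate found in text.
    Anything outside the PEM armor (the 'Certificate:' text dump) is ignored."""
    return [hashlib.sha256(base64.b64decode("".join(b64.split()))).hexdigest()
            for b64 in PEM.findall(text)]


def embedded_ca_matches(config, correct_ca_pem):
    """True if the config's inline <ca> block holds exactly the expected CA."""
    block = CA_BLOCK.search(config)
    expected = pem_fingerprints(correct_ca_pem)
    if block is None or len(expected) != 1:
        raise ValueError("need one <ca> block and one exported CA certificate")
    return pem_fingerprints(block.group(1)) == expected


def replace_ca(config, correct_ca_pem):
    """Swap the <ca> block for the correct CA, keeping only the PEM armor."""
    match = PEM.search(correct_ca_pem)
    if match is None or CA_BLOCK.search(config) is None:
        raise ValueError("missing PEM certificate or <ca> block")
    b64 = "".join(match.group(1).split())
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"
    return CA_BLOCK.sub(lambda _: f"<ca>\n{pem}\n</ca>", config, count=1)


def _constructed_pem(raw):
    # Constructed stand-in bytes so the example runs offline; not a real certificate.
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(raw).decode()
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample inputs (hypothetical hostname, placeholder certificates).
WRONG_CA = _constructed_pem(b"constructed: reverse proxy CA")
CORRECT_CA = ("Certificate:\n    Data:\n        Version: 3 (0x2)\n"
              + _constructed_pem(b"constructed: SSL VPN signing CA"))
SAMPLE_CONFIG = ("client\ndev tun\nremote vpn.example.test 443\n<ca>\n"
                 "Certificate:\n    Data:\n" + WRONG_CA + "</ca>\n")
```
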
  • First of all, it must be a CA with a key (our initial statement is not clear about this), since the server has to be able to identify itself.

    Second, at least a subset of key usage/extended key usage must be permitted in the certificate to sign client certificates and establish encrypted communication. It's not required to use the prebuilt certificate; you can import your own.

    I use the certificate of another Sophos cluster there to have the ability to log in to different clusters using the same credentials.