In the downloaded SSL VPN client configuration file the SSL VPN CA is attached in the beginning of the file. In my world is should be the CA which has signed the SSL VPN server cert configured in the UTM. But is not! I have two UTM:s, one the first, the CA is one of my uploaded CA (without the private key) and on the other one is the CA used in the reverse web proxy server. None of them is the CA for the SSL VPN Server cert. The CA for the SSL VPN Server cert is uploaded (with private key)
In later versions of Sophos Connect, the connection fails if the provided CA is wrong in the client configuration file.
Solution: Export the correct CA as plain text. Replace the CA with the correct CA in the client config file. You can remove all CA meta data after the row "Certificate:" in the CA section since meta data it not necessarily to make a successful connection.
This thread was automatically locked due to age.