RE: WEBVPN login page Cerrtificate Error

From: Andy Cole (Andy.Cole@foremostfarms.com)
Date: Wed Sep 19 2007 - 15:11:10 ART

• Next message: Scott Morris: "RE: STP and Routing questions"
• Previous message: Ben: "Re: ACL Need to clarify Thanks"
• Maybe in reply to: pankaj ahuja: "WEBVPN login page Cerrtificate Error"
• Next in thread: Farrukh Haroon: "Re: WEBVPN login page Cerrtificate Error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Buying a public certificate from someone like Verisign, (there are
others) will fix the 'error'.

Sometimes if the user clicks on view the certificate, installs the
certificate, the error may go away.

Best practice is to buy a security certificate, you site will be more
secure.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
pankaj ahuja
Sent: Wednesday, September 19, 2007 12:05 PM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: WEBVPN login page Cerrtificate Error

Hello All,

When the users access the webvpn login page via the URL https://A.B.C.D
, they see an Certificate error page that says

"The security certificate presented by this website was not issued by a
trusted certificate authority.
The security certificate presented by this website was issued for a
different website's address"

and then it presents the option to "close the website" or "continue to
this page". After choosing continue to this page Users finally reach the
page where they are to login using their Webvpn credentials.

I'm trying to remove the Certificate error page and know that it has got
something to do with the Certificate on the VPN Concentrator. what I'm
not sure about is the procedure, i.e.

Do I need an Identity Certificate from a CA first and then I should
generate a Certifcate on the Concentrator?

Should I not be able to skip the CA part and just have a Certificate
generated on the VPN Concentrator. I know the users wouldn't be able to
verify the Certificate but all we're aiming for is to not reach that
page wherein it says Certificate Error.

To describe the Topology we have :

We have WebVPN on a VPN concentrator 3020 which is configured for Load
Balancing with a 3015. Also these concentrators are behind 2 different
Firewalls, the private and public interfaces of these Concentrators have
a private IP. The public interfaces are Natted on the Firewalls to a
public IP.

Any suggestion on how to make this possible are welcome.

Thanks

Regards
Pankaj

• Next message: Scott Morris: "RE: STP and Routing questions"
• Previous message: Ben: "Re: ACL Need to clarify Thanks"
• Maybe in reply to: pankaj ahuja: "WEBVPN login page Cerrtificate Error"
• Next in thread: Farrukh Haroon: "Re: WEBVPN login page Cerrtificate Error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:13 ART