Re: WEBVPN login page Cerrtificate Error

From: pankaj ahuja (networksecurityconsultant@gmail.com)
Date: Wed Sep 19 2007 - 18:08:53 ART

• Next message: Joseph Brunner: "CCIE lab and how tasks are graded - example."
• Previous message: Sadiq Yakasai: "Re: What would you do?"
• Maybe in reply to: pankaj ahuja: "WEBVPN login page Cerrtificate Error"
• Next in thread: tveillette: "Re: WEBVPN login page Cerrtificate Error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Christian,

Thank you for the detailed explanation.

I'd have to go with buying a Security certificate coz my users may end up
using home PC's, cafe and anything like that.

Andy, Claudio, and Farukh thank you for your suggestions, it was my bad. I
was not aware that the client PC compared the certificate it received
against the one's in its database.

Appreciate your help.

Regards
Pankaj

On 9/19/07, pankaj ahuja <networksecurityconsultant@gmail.com> wrote:
>
> Hello All,
>
> When the users access the webvpn login page via the URL https://A.B.C.D>, they see an Certificate error page that says
>
> "The security certificate presented by this website was not issued by a
> trusted certificate authority.
> The security certificate presented by this website was issued for a
> different website's address"
>
>
> and then it presents the option to "close the website" or "continue to
> this page". After choosing continue to this page Users finally reach the
> page where they are to login using their Webvpn credentials.
>
> I'm trying to remove the Certificate error page and know that it has got
> something to do with the Certificate on the VPN Concentrator. what I'm not
> sure about is the procedure, i.e.
>
> Do I need an Identity Certificate from a CA first and then I should
> generate a Certifcate on the Concentrator?
>
> Should I not be able to skip the CA part and just have a Certificate
> generated on the VPN Concentrator. I know the users wouldn't be able to
> verify the Certificate but all we're aiming for is to not reach that page
> wherein it says Certificate Error.
>
> To describe the Topology we have :
>
> We have WebVPN on a VPN concentrator 3020 which is configured for Load
> Balancing with a 3015. Also these concentrators are behind 2 different
> Firewalls, the private and public interfaces of these Concentrators have a
> private IP. The public interfaces are Natted on the Firewalls to a public
> IP.
>
> Any suggestion on how to make this possible are welcome.
>
> Thanks
>
> Regards
> Pankaj

• Next message: Joseph Brunner: "CCIE lab and how tasks are graded - example."
• Previous message: Sadiq Yakasai: "Re: What would you do?"
• Maybe in reply to: pankaj ahuja: "WEBVPN login page Cerrtificate Error"
• Next in thread: tveillette: "Re: WEBVPN login page Cerrtificate Error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:13 ART