From: tveillette (tveillette@ct.metrocast.net)
Date: Thu Sep 20 2007 - 12:41:48 ART
Two options.
1) Use a CA that is already trusted via common client web
browser and create ID cert on the device.
2) Import any untrusted CA root into client browsers, and
use for ID cert on device.
-TV
----- Original Message Follows -----
From: "pankaj ahuja" <networksecurityconsultant@gmail.com>
To: ccielab@groupstudy.com, security@groupstudy.com
Subject: WEBVPN login page Certificate Error
Date: Wed, 19 Sep 2007 13:04:47 -0400
>Hello All,
>
>When the users access the webvpn login page via the URL
>https://A.B.C.D , they see a Certificate error page that
>says
>
>"The security certificate presented by this website was not
>issued by a trusted certificate authority.
>The security certificate presented by this website was
>issued for a different website's address"
>
>
>and then it presents the option to "close the website" or
>"continue to this page". After choosing continue to this
>page Users finally reach the page where they are to login
>using their Webvpn credentials.
>
>I'm trying to remove the Certificate error page and know
>that it has got something to do with the Certificate on the
>VPN Concentrator. What I'm not sure about is the procedure,
>i.e.
>
>Do I need an Identity Certificate from a CA first and then
>I should generate a Certificate on the Concentrator?
>
>Should I not be able to skip the CA part and just have a
>Certificate generated on the VPN Concentrator? I know the
>users wouldn't be able to verify the Certificate but all
>we're aiming for is to not reach that page wherein it says
>Certificate Error.
>
>To describe the Topology we have :
>
>We have WebVPN on a VPN concentrator 3020 which is
>configured for Load Balancing with a 3015. Also these
>concentrators are behind 2 different Firewalls, the private
>and public interfaces of these Concentrators have a private
>IP. The public interfaces are Natted on the Firewalls to a
>public IP.
>
>Any suggestions on how to make this possible are welcome.
>
>Thanks
>
>Regards
>Pankaj
>
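Added example, not part of the original thread: the quoted error page reports two separate checks (issuer trust and name match), and this sketch models both so each can be tested against the URL users actually type. The certificate dictionaries, hostnames, CA name and 192.0.2.10 (standing in for A.B.C.D) are constructed assumptions, and trust is simplified to an issuer-name lookup.

```python
import ipaddress

# Constructed samples shaped like ssl.SSLSocket.getpeercert() output.
# Hostnames, CA name and 192.0.2.10 (standing in for A.B.C.D) are assumptions.
SELF_SIGNED = {
    "subject": ((("commonName", "vpn3020.internal.example"),),),
    "issuer": ((("commonName", "vpn3020.internal.example"),),),
}
CA_ISSUED = {
    "subject": ((("commonName", "vpn.example.com"),),),
    "issuer": ((("commonName", "Example Trusted CA"),),),
    "subjectAltName": (("DNS", "vpn.example.com"),),
}
BROWSER_ROOTS = {"Example Trusted CA"}  # stand-in for the browser trust store


def common_name(name):
    """Pull the CN out of a getpeercert()-style subject/issuer tuple."""
    return next(v for rdn in name for k, v in rdn if k == "commonName")


def name_matches(cert, host):
    """Compare the host from the URL with the names the certificate carries."""
    sans = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in sans if k == "DNS"]
    if not sans:  # legacy fallback to the subject CN when no SAN is present
        dns = [common_name(cert["subject"]).lower()]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # RFC 2818: a URL host that is an IP address must match an IP SAN entry.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    host = host.lower()
    # A wildcard covers exactly one left-most label.
    return any(p == host or (p.startswith("*.") and
                             host.partition(".")[2] == p[2:]) for p in dns)


def diagnose(cert, host, trusted_roots):
    """Return the warnings a browser would raise for this cert and URL host.
    Trust is modelled as an issuer-name lookup, not real chain validation."""
    findings = []
    if common_name(cert["issuer"]) not in trusted_roots:
        findings.append("untrusted-issuer")
    if not name_matches(cert, host):
        findings.append("name-mismatch")
    return findings
```

Under this model a certificate from a trusted CA still produces the name warning when the page is opened by IP address, so the name in the certificate has to match the URL users are given.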