
certificate for ssl vpn (usg6565e)

Created: Aug 26, 2020 12:39:59 | Latest reply: Nov 13, 2020 08:11:59

Good day!

I have configured an SSL VPN gateway. It works well, but it works with the preinstalled SSL certificate.


SSL ERROR


I have a valid SSL certificate for the domain and need to replace the default with a new one. The new certificate is a .crt, which I converted to .cer.

I tried to upload the local certificate, but got an error "get certificate failed".

CERTIFICATE ERROR

What is my mistake?

Featured Answers

Recommended answer

jason_hu
Admin Created Aug 28, 2020 01:16:53

Hello,
Untrusted: The SSL decryption certificate is not trusted by the client.
Upon receiving a true server certificate, the FW verifies the certificate. If the true server certificate is illegal (not issued by a trusted CA or is revoked), the FW re-issues a certificate using an untrusted SSL decryption certificate to the client. Because the SSL decryption certificate is not trusted by the client, client applications identify the certificate as illegal. In such a case, an application of the client prompts a security alert, indicating that the server certificate is illegal. Users can release the alert or terminate the access. In this way, the FW correctly delivers the information about the illegal certificate of the server to the client, so that users can learn possible security risks.
https://support.huawei.com/hedex/hdx.do?docid=EDOC1100092598&id=EN-US_TOPIC_0184839760&lang=en


All Answers

Dear friend!
Please rest assured that we'll be back with an answer shortly.

Hello, 

You can refer to the steps to import the certificate https://support.huawei.com/hedex/hdx.do?docid=EDOC1100092598&id=EN-US_TASK_0178922784&lang=en 

Hope to help you!


Hi again!
Thank you for the link. I was able to import the certificate as it shows in this document.

import


But in the drop-down menu I can find only the preinstalled certificate.


drop-down-menu


And the browser shows that the certificate I use is self-generated.


risk



Hello friend!
I have checked the relevant cases, and I suspect that you did not import the certificate correctly before. I suggest you delete the uploaded certificate and re-import the certificate according to the correct import method.

Hi jason_hu!

I tried to do this again, and the error I get:


illegal


What does this error mean? A bad certificate, or a wrong password for the certificate?



It looks like I found what the problem with the certificate was. My certificate is a wildcard type. The firewall refused to work with a wildcard certificate. I made a usual one and it suits the FW.

If you want more information about SSL certificates, please check here.
https://www.wildcardsslcertificate.com/

In short:

1) As I understand, a wildcard certificate isn't suitable for this task.

2) In case we have an error "The CA certificate is illigal", we need to import the certificate with the key file.

3) Importing the certificate is not enough to eliminate the SecoClient error (untrusted server); we also need to import the certificate to the users' PCs.
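
An added example, not part of the thread and not Huawei tooling: the three points summarized above turned into a check that can be run with the openssl CLI before importing anything. File names are placeholders, the private key is assumed to be an unencrypted PEM file, and the wildcard warning only reflects what the poster observed on this firewall.

```shell
#!/bin/sh
# Added example: pre-import checks for a gateway certificate.
# Assumes the openssl CLI and an unencrypted PEM private key.

# True when the key file holds the private key for the certificate:
# the public key derived from each must be identical.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True when the subject CN or a subjectAltName DNS entry starts with "*.".
cert_is_wildcard() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -Eq '(CN ?= ?|DNS:)\*\.'
}

# True when the certificate chains to the given CA bundle, i.e. the
# bundle a client PC would need in its trust store.
cert_chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# usage: preflight CERT KEY [CA_BUNDLE]; returns 1 on a blocking problem.
preflight() {
    rc=0
    if cert_matches_key "$1" "$2"; then
        echo "ok:   key file matches the certificate"
    else
        echo "FAIL: key file does not belong to this certificate"; rc=1
    fi
    if cert_is_wildcard "$1"; then
        echo "warn: wildcard name; the poster's firewall refused such a certificate"
    fi
    if [ -n "${3:-}" ]; then
        if cert_chains_to "$1" "$3"; then
            echo "ok:   chains to $3 (clients must trust this CA)"
        else
            echo "FAIL: does not chain to $3"; rc=1
        fi
    fi
    return $rc
}

# Run directly: sh preflight.sh server.crt server.key ca-bundle.pem
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```
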