Author: Musab Osman
- When trying to access the firewall from Safari, we get the error message "NSURLErrorDomain:-1202".
- When trying to access the VPN from OneConnect, we encounter a certificate trust error: "Server certificate could not be validated. Try adding the certificate to keychain".
macOS Big Sur requires a self-signed certificate that includes an alternative DNS name. Such a certificate can be created with the following steps:
- Access the firewall WebUI using the Chrome or Firefox browser. If a certificate issue is encountered, blindly type "thisisunsafe" and press Enter. If the text was typed correctly, the login page will appear.
- Typing blindly means clicking anywhere on the page and then typing the text "thisisunsafe" on the keyboard. The typed text is not shown on the screen; we just have to execute it by pressing Enter when done (a hidden command).
- After logging in, go to Objects → GENERAL → Key Ring and click on add certificate. Then, in the configuration under General Certificate, change the Certificate type to self-signed, enter a proper subject name and a subject alternative name such as "*.clavister.com", and change the public key type to RSA instead of EC. Optionally, it is also possible to increase the certificate validity. When done, click on Generate.
- Now we need to configure the firewall to use the new certificate for WebUI login and SSL VPN connections, as follows:
  - Go to System → Remote Management → Advanced Settings. Under WebUI → HTTPS Certificate, change the certificate to the new self-signed certificate that was created.
  - Deploy the configuration change.
- From the macOS device where the SSL VPN client is installed, try to access the firewall over HTTPS using the Safari browser instead of Chrome or Firefox. We will get a "This connection is not private" message. Click on show details and then click on visit this website, and the certificate will be added to the keychain login certificates automatically.
- Start the client and log in with SSL VPN towards the firewall.

Note: It is not possible to access the firewall using the Safari browser on macOS Big Sur with the default “HTTPSAdminCert”.
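
To confirm that a certificate really has the two properties set in the Key Ring step (a DNS subject alternative name and an RSA key), it can be inspected with `openssl`. The script below is an added example, not part of the original article or of Clavister's tooling; it assumes OpenSSL 1.1.1 or later, and the host name `fw.example.test` and the sample certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: verify that a PEM certificate has a DNS subject alternative
# name and an RSA public key, the two properties set in the Key Ring step.

# Exit 0 if the certificate carries at least one DNS subject alternative name.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' | grep 'DNS:' >/dev/null
}

# Exit 0 if the certificate's public key is RSA (not EC).
cert_key_is_rsa() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep 'Public Key Algorithm: rsaEncryption' >/dev/null
}

# Print a verdict per property; return 0 only if both hold.
check_cert() {
    rc=0
    if cert_has_san "$1"; then echo "$1: DNS SAN present"
    else echo "$1: no DNS SAN"; rc=1; fi
    if cert_key_is_rsa "$1"; then echo "$1: RSA key"
    else echo "$1: key is not RSA"; rc=1; fi
    return "$rc"
}

# Build three constructed test certificates (hypothetical name fw.example.test).
make_samples() {
    subj='/CN=fw.example.test'; san='subjectAltName=DNS:fw.example.test'
    # RSA key with SAN: matches the settings chosen in the steps above.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
        -addext "$san" -keyout "$1/rsa-san.key" -out "$1/rsa-san.pem" 2>/dev/null
    # RSA key, no SAN.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
        -keyout "$1/rsa-nosan.key" -out "$1/rsa-nosan.pem" 2>/dev/null
    # EC key with SAN.
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -days 1 -subj "$subj" -addext "$san" \
        -keyout "$1/ec-san.key" -out "$1/ec-san.pem" 2>/dev/null
}

SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
make_samples "$SAMPLES"
for f in "$SAMPLES"/*.pem; do
    check_cert "$f" || true
done
```

To run the same check against the certificate the firewall actually presents, save it first with `openssl s_client -connect HOST:443 </dev/null 2>/dev/null | openssl x509 -out fw.pem` (HOST is a placeholder) and pass `fw.pem` to `check_cert`.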