Certificate problem using SSL VPN together with MacOS version 11.1 and up

Last modified on 2 Feb, 2021. Revision 5

Up to date for:
- cOS Core all versions
- MacOS version 11.1 and up
Author: Musab Osman
- When trying to access the firewall from Safari, we get the error message "NSURLErrorDomain:-1202".
- When trying to access the VPN from OnConnect, we encounter a certificate trust error: "Server certificate could not be validated. Try adding the certificate to keychain"
Big Sur requires a self-signed certificate with an alternative DNS name, which can be created with the following steps:
- Access the firewall WebUI using the Chrome or Firefox browser. If a certificate issue is encountered, blindly type "thisisunsafe" and press Enter; if the text was typed correctly, the login page will be shown.
- By "blindly type" we mean clicking anywhere on the page and then typing the text "thisisunsafe" on the keyboard. The typed text is not shown on the screen; we just have to execute it by pressing Enter when done (a hidden command).
- After logging in, go to Objects→ GENERAL→ Key Ring and click on add certificate, then on configure under General Certificate. Change the Certificate type to self-signed, then enter a proper subject name and subject alternative name as "*.clavister.com", and change the public key type to RSA instead of EC. Optionally it is also possible to increase the certificate validation. When done, click on Generate.
- Now we need to configure the new certificate to be used by the firewall for WebUI login and SSL VPN connection as follows:
- Go to System→ Remote Management→ Advanced Settings. Under WebUI→ HTTPS Certificate, change the certificate to the new self-signed certificate that was created.
- Deploy the configuration change.
- From the MacOS device where the SSL client is installed, try to access the firewall over HTTPS using the Safari browser instead of Chrome or Firefox. We will get a "This connection is not private" message; click on show details and then on visit this website, and the certificate will be added to the keychain login certificates automatically.
- Start the client by running the login with SSL VPN towards the firewall.
Note: It is not possible to access the firewall using Safari browser on Mac Big Sur with the default “HTTPSAdminCert”.
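To confirm that a certificate has the two properties configured in the steps above (a subject alternative name and an RSA key), it can be inspected with openssl. The script below is an added example, not Clavister's own tooling; it assumes OpenSSL 1.1.1 or later, and the host name fw.example.test and both sample certificates are constructed placeholders.

```shell
#!/bin/sh
# Added example: check a PEM certificate for the two properties the article
# configures: a subjectAltName DNS entry and an RSA public key.
# To check the live firewall, save its certificate first (placeholder host):
#   openssl s_client -connect fw.example.test:443 </dev/null 2>/dev/null \
#     | openssl x509 -out fw.pem

check_cert() {
    pem=$1
    rc=0
    text=$(openssl x509 -in "$pem" -noout -text) || return 2

    # The article's requirement on Big Sur: an alternative DNS name.
    if printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | grep -q 'DNS:'; then
        echo "OK   subjectAltName DNS entry present"
    else
        echo "FAIL no subjectAltName DNS entry"
        rc=1
    fi

    # The article switches the public key type from EC to RSA.
    if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        echo "OK   RSA public key"
    else
        echo "FAIL public key is not RSA"
        rc=1
    fi
    return $rc
}

# Build two constructed sample certificates in directory $1.
make_samples() {
    dir=$1
    # RSA key with a SAN, like the certificate generated in the steps above.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=fw.example.test' -addext 'subjectAltName=DNS:*.example.test' \
        -keyout "$dir/good.key" -out "$dir/good.pem" 2>/dev/null
    # Constructed counter-example: EC key and no SAN.
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/bad.key"
    openssl req -x509 -new -key "$dir/bad.key" -days 30 \
        -subj '/CN=fw.example.test' -out "$dir/bad.pem" 2>/dev/null
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
check_cert "$tmp/good.pem"
check_cert "$tmp/bad.pem" || true
rm -rf "$tmp"
```

check_cert returns 0 only when both properties are present, so it can also be used as a gate in a deployment script.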