OneConnect VPN certificate not trustedLast modified on 12 Oct, 2021. Revision 9
|Up to date for||
cOS Core 13.00.09 and up
cOS Core 13.00.09
|Not valid for||
cOS Core 13.00.08 and older
When trying to initiate a connection with Clavister OneConnect Client you may get the following error.
Windows: Server certificate is not trusted by Windows
iOS: Invalid certificate format
BackgroundCertification validation is done in several steps.
- First Client initiates a connection to the configured NetWall (vpnserver.mydomain.com).
- Next, the Netwall presents it's system certificate. The subject field needs to contain the correct DNS name(s) (FQDN), either vpnserver.mydomain.com (or *.mydomain.com when using a wildcard certificate).
- If the first two steps are successful the certificate will be checked against the clients system certificate store.
If there is a mismatch (for example you enter the IP address instead of the FQDN, or the certificate is not trusted) you get the described error.
- Make sure that your certificate fits the requirements and has the correct FQDN
- Import the certificate incl. private key in your NetWall under /Objects /General /Key Ring. Type must show as Local.
- Select the certificate as HTTPS certificate under /System /Device /Device Settings /Remote Management → /Advanced Settings
Be aware that this is also the certificate of your Web-User-Interface!
- Import the certificate to your clients system certificate store.
- If the certificate is bought from a well-known CA authority you should be able to skip this step, as your computer already trusts the according CA.
- If the certificate is self-signed then you need to import it on all clients using OneConnect. Please follow the documentation of your operating system on how to do this.
- Note: The private key should not be exported.
13 Jul, 2021 oneconnect openconnect sslvpn
9 Aug, 2021 sslvpn openconnect oneconnect macos ios netwall
5 Mar, 2021 sslvpn openconnect oneconnect android core
7 Jul, 2021 sslvpn openconnect oneconnect windows
13 Oct, 2021 oneconnect macos openconnect ios
2 Feb, 2021 core sslvpn macos certificate
5 Mar, 2021 sslvpn openconnect oneconnect linux core
8 Apr, 2021 core sslvpn oneconnect interfaces arp
10 Mar, 2021 core oneconnect
29 Jun, 2021 core oneconnect
5 Mar, 2021 sslvpn openconnect oneconnect macos windows linux core