VPN through Gateway Browsing HTTPS residual certificate issue

Document created by Vladimir Yakovlev Champion on Mar 25, 2018
Version 1Show Document
  • View in full screen mode

With HTTPS inspection configured and Outbound Certificate distributed, following behavior being observed:

From internal hosts, browsers reaching destination, substituted certificate is shown as valid and there are no indications of the intercept:

    

 

When remote client (Endpoint VPN) establishes the connection to the same site, certificate is substituted, declared "valid", but the browser indicates the site being "Not Secure":

 

 

Certificate is installed on the remote client in Trusted Root Certification Authorities:

 

 

The culprit was the older certificate issued by the same gateway and installed on clients. After removal of the old certificate, clients' browsers behavior reverted to normal.

Attachments

    Outcomes