topic Certificate warning when enabling SSL cert for Mobile Access VPN in SASE and Remote Access

Certificate warning when enabling SSL cert for Mobile Access VPN

Ilmo_Anttonen — Thu, 16 May 2019 13:24:27 GMT

Yesterday I added a SSL certificate to the MAB so that my customers users can log on to the vpn using an URL instead of IP-adress in the connection profile. I was planning to create a new .msi package with the client and new URL and distribute it via GP or put it on the portal site if I managed to put it there.

Now it seems the users are getting a security warning that the fingerprint and the VPN site has changed. Did this happen automatically or is it because somebody told the users there is a new URL? I don't know which yet but was hoping you guys could tell me how it works.

Also, in the future, if this happens automatically. What is the best way to deploy a MAB certificate without the users getting certificate warnings?

Thanks!

/ Ilmo

Re: Certificate warning when enabling SSL cert for Mobile Access VPN

Jerry — Thu, 16 May 2019 14:01:33 GMT

users will always have cert. warning tho, it is expected as it prompts for not-fully-pki CAPI certs I guess if I'm understanding you correctly?

did you gave users user-based certs or p12 one?

Re: Certificate warning when enabling SSL cert for Mobile Access VPN

Ilmo_Anttonen — Fri, 17 May 2019 06:00:19 GMT

I don't have any previous experience working with certificates but I followed the SK on how to create CSR and install certificate for MAB. So I guess the .crt I installed on the GW and assigned to MAB is a .p12. I have not issued certificates to the user PCs.

Should I do that? I tried installing the VPN client on a new PC and then there was no cert warning. So I guess it was only for those who already had a relation with that GW. Since it was the GWs self-signed cert before and now it changed, hence the warning. Is that right?