Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Collaborator

Certificate warning when enabling SSL cert for Mobile Access VPN

Yesterday I added a SSL certificate to the MAB so that my customers users can log on to the vpn using an URL instead of IP-adress in the connection profile. I was planning to create a new .msi package with the client and new URL and distribute it via GP or put it on the portal site if I managed to put it there.

Now it seems the users are getting a security warning that the fingerprint and the VPN site has changed. Did this happen automatically or is it because somebody told the users there is a new URL? I don't know which yet but was hoping you guys could tell me how it works.

Also, in the future, if this happens automatically. What is the best way to deploy a MAB certificate without the users getting certificate warnings?

 

Capture.PNG

 

Thanks!

 

/ Ilmo

0 Kudos
2 Replies
Highlighted
Leader
Leader

users will always have cert. warning tho, it is expected as it prompts for not-fully-pki CAPI certs I guess if I'm understanding you correctly?

did you gave users user-based certs or p12 one?

Jerry
0 Kudos
Highlighted
Collaborator

I don't have any previous experience working with certificates but I followed the SK on how to create CSR and install certificate for MAB. So I guess the .crt I installed on the GW and assigned to MAB is a .p12. I have not issued certificates to the user PCs.

Should I do that? I tried installing the VPN client on a new PC and then there was no cert warning. So I guess it was only for those who already had a relation with that GW. Since it was the GWs self-signed cert before and now it changed, hence the warning. Is that right?

0 Kudos