Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RickyDan
Contributor

Wildcard certificate not trusted

I uploaded a DigiCert wildcard certificate for *.domain.com via Gateway Properties > Mobile Access > Portal Settings. I configured a VPN site using vpn.domain.com as the server name but I still get a certificate not trusted error while creating the site. The details window said that the certificate is for *.domain.com while the site is for vpn.domain.com. 

Are wildcard certs supported for remote access VPN? What do I need to do?

0 Kudos
10 Replies
the_rock
Legend
Legend

Im pretty positive that wildcard certs are indeed supported. I think one of my customers had this exact issue before, so will try comb through my notes tomorrow and see how we fixed it.

0 Kudos
RickyDan
Contributor

Ok thanks. Awaiting your update.

0 Kudos
the_rock
Legend
Legend

Would you mind send a screenshot? I just want to confirm it was exact same issue I had as well.

0 Kudos
RickyDan
Contributor

cp-wildcard-error.PNG

0 Kudos
the_rock
Legend
Legend

Definitely not the same issue, their problem was that something was wrong with the cert, once they got the right one, all worked fine. Anyway, here is what I find a bit odd...why does it show connecting to *.abc.com, rather than say vpn.abc.com? That makes no sense...what are people entering when creating a site?

0 Kudos
RickyDan
Contributor

I created the VPN site with vpn.domain.com and the wildcard cert is uploaded in the Mobile Access portal settings.

0 Kudos
Ruan_Kotze
Advisor

Yes this is a known issue - wildcards are supported but you will get this warning on the 1st connection.  I recall previous discussions on CheckMates where this was also highlighted.  In my opinion the warning should not be thrown.

0 Kudos
the_rock
Legend
Legend

Thats good to know, because I dont recall seeing that before on first connection. I know thats been like forever for regular RA vpn, but dont remember seeing it when using wildcard cert for mobile access. Maybe its just me getting old-ER : - )

0 Kudos
RickyDan
Contributor

Hey, thanks. This means it makes no difference leaving it as the self-signed certificate since the warning still shows when creating the site.

JanVC
Collaborator

see sk118454

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events