AnsweredAssumed Answered

R80.10 VPN site-to-site certificate problem

Question asked by Mirosław Zimny on Oct 25, 2018
Latest reply on Oct 25, 2018 by Mirosław Zimny

After upgrading Security Gateway from R77.30 to R80.10 we have lost VPN site to site connectivity using certificates. In log we have found something like this:

Main Mode Issuer CN=RootCA.something*,OU=something,O=something,L=something,ST=something,C=PL is not a CA.

and then:

Main Mode Sent Notification to Peer: invalid certificate

 

In vpnd.elg we have also found:

CA certificate CN=RootCA.something,OU=something,O=something,L=something,ST=something,C=PL does not contain a BasicConstraints extension.

 

I attached the vpnd.elg file for details.

 

In R80.10 Relase Notes and any other docs there is no word about such issues when upgrading from R77.x to R80.10. What's wrong?

 

 

Thanks in advance for Your support

Regards

Mirek

 

*) something is used here for example only to hide details

Attachments

Outcomes