Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 2331 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Installed new certificate and CA, but cannot select it to be used for admin login or user portal

Schlippety

I have added a wildcard certificate purchased from comodo to my certificate list, along with the CA. THe certificate shows the green checkbox under Authority in the certificate list. However when I navigate to "Administration > Admin settings" the only option I can choose under "Certificate" is ApplicanceCertificate. 

 

Also when I go to SSL VPN settings the only certificate I can select is ApplianceCertificate also. 

What step am I missing to use my proper certificate for the web portals?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Schlippety

    Delete everything and upload the CA and any intermediate CA then upload the CA.

    While you perform these steps, connect to XG advanced shell (option 5 >3 ) and type:

    tail -f /log/*.log | grep -i certificate

    Regards

  • 0 in reply to lferrara

    Thanks, see below

     

    XG210_WP03_SFOS 17.5.10 MR-10# tail -f /log/*.log | grep -i certificate
    2020-03-16 14:51:58 19[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    2020-03-16 14:53:02 30[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    2020-03-16 14:53:41 14[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    2020-03-16 14:54:02 27[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    2020-03-16 14:54:28 18[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    [Mon Mar 16 14:54:28.610115 2020] [ssl:warn] [pid 7120:tid 4143356224] AH01909: manage.cyberoam:65004:0 server certificate does NOT include an ID which matches the server name
    [Mon Mar 16 14:54:28.679292 2020] [ssl:warn] [pid 7120:tid 4143356224] AH01909: manage.cyberoam:65003:0 server certificate does NOT include an ID which matches the server name
    WARNING: Skipping expired Certificate Equifax_Secure_CA.pem
    WARNING: Skipping expired Certificate STATIC_ValiCert_Inc_ValiCert_Class_2_Policy_Validation_Authority.pem
    WARNING: Skipping expired Certificate STATIC_VeriSign_Inc_VeriSign_Class_3_International_Server_CA_-_G3.pem
    WARNING: Skipping expired Certificate RSA_Root_Certificate_1.pem
    WARNING: Skipping expired Certificate Certplus_Class_2_Primary_CA.pem
    WARNING: Skipping expired Certificate STATIC_ValiCert_Inc_ValiCert_Class_1_Policy_Validation_Authority.pem
    WARNING: Skipping expired Certificate GeoTrust_Global_CA_2.pem
    WARNING: Skipping expired Certificate NetLock_Express_Class_C_Root.pem
    WARNING: Skipping duplicate certificate comodo-root.pem
    WARNING: Skipping expired Certificate Deutsche_Telekom_Root_CA_2.pem
    Key for read :certificateid
    'client_cert_file' => '/conf/certificate/myuser_170D4DEDFF2.pem',
    'client_key_file' => '/conf/certificate/private/myuser_170D4DEDFF2.key',
    2020-03-16 14:53:02 30[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    2020-03-16 14:53:41 14[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    2020-03-16 14:54:02 27[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    2020-03-16 14:54:28 18[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    ********** Entity json validation log End FOR :16-3-2020 14:54:28 Objectname=system::certificate
    ==> /log/vpncertificate.log <==
    CA id for ApplianceCertificate.pem is :1
    caid for certificate mydomain-wildcard is :208

  • 0 in reply to Schlippety

    I just sent a PM.

    If you want I can connect and check with you the issue.

    Regards