Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 6251 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN Certificate Verified Failed

Kuo Zhi Hang

XG135 Running on Ver 17.7 MR12

My SSL VPN not working.

Troubleshooting i have done:

Checked Sophos Date & Time correct
Delete & redownload user certificate few times

Below are the client side log:

Fri Nov 06 11:58:47 2020 Fatal TLS error (check_tls_errors_co), restarting
Fri Nov 06 11:58:47 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 06 11:58:47 2020 MANAGEMENT: >STATE:1604635127,RECONNECTING,tls-error,,,,,
Fri Nov 06 11:58:47 2020 Restart pause, 5 second(s)
Fri Nov 06 11:58:52 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Nov 06 11:58:52 2020 Attempting to establish TCP connection with [AF_INET]10.0.1.10:8443 [nonblock]
Fri Nov 06 11:58:52 2020 MANAGEMENT: >STATE:1604635132,TCP_CONNECT,,,,,,
Fri Nov 06 11:58:53 2020 TCP connection established with [AF_INET]10.0.1.10:8443
Fri Nov 06 11:58:53 2020 TCPv4_CLIENT link local: [undef]
Fri Nov 06 11:58:53 2020 TCPv4_CLIENT link remote: [AF_INET]10.0.1.10:8443
Fri Nov 06 11:58:53 2020 MANAGEMENT: >STATE:1604635133,WAIT,,,,,,
Fri Nov 06 11:58:53 2020 MANAGEMENT: >STATE:1604635133,AUTH,,,,,,
Fri Nov 06 11:58:53 2020 TLS: Initial packet from [AF_INET]10.0.1.10:8443, sid=aca4e357 399e5ba4
Fri Nov 06 11:58:53 2020 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=GB, ST=Oxfordshire, L=Abingdon, O=Sophos, OU=OU, CN=SophosApplianceCertificate_C1B104HK6YDXJ7A, emailAddress=support@sophos.com
Fri Nov 06 11:58:53 2020 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Fri Nov 06 11:58:53 2020 TLS Error: TLS object -> incoming plaintext read error
Fri Nov 06 11:58:53 2020 TLS Error: TLS handshake failed
Fri Nov 06 11:58:53 2020 Fatal TLS error (check_tls_errors_co), restarting
Fri Nov 06 11:58:53 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 06 11:58:53 2020 MANAGEMENT: >STATE:1604635133,RECONNECTING,tls-error,,,,,
Fri Nov 06 11:58:53 2020 Restart pause, 5 second(s)
Fri Nov 06 11:58:58 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Nov 06 11:58:58 2020 Attempting to establish TCP connection with [AF_INET]10.255.0.1:8443 [nonblock]
Fri Nov 06 11:58:58 2020 MANAGEMENT: >STATE:1604635138,TCP_CONNECT,,,,,,
Fri Nov 06 11:58:59 2020 TCP connection established with [AF_INET]10.255.0.1:8443
Fri Nov 06 11:58:59 2020 TCPv4_CLIENT link local: [undef]
Fri Nov 06 11:58:59 2020 TCPv4_CLIENT link remote: [AF_INET]10.255.0.1:8443
Fri Nov 06 11:58:59 2020 MANAGEMENT: >STATE:1604635139,WAIT,,,,,,
Fri Nov 06 11:58:59 2020 MANAGEMENT: >STATE:1604635139,AUTH,,,,,,
Fri Nov 06 11:58:59 2020 TLS: Initial packet from [AF_INET]10.255.0.1:8443, sid=2364e99f 894f86ae
Fri Nov 06 11:58:59 2020 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=GB, ST=Oxfordshire, L=Abingdon, O=Sophos, OU=OU, CN=SophosApplianceCertificate_C1B104HK6YDXJ7A, emailAddress=support@sophos.com
Fri Nov 06 11:58:59 2020 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Fri Nov 06 11:58:59 2020 TLS Error: TLS object -> incoming plaintext read error
Fri Nov 06 11:58:59 2020 TLS Error: TLS handshake failed
Fri Nov 06 11:58:59 2020 Fatal TLS error (check_tls_errors_co), restarting
Fri Nov 06 11:58:59 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri Nov 06 11:58:59 2020 MANAGEMENT: >STATE:1604635139,RECONNECTING,tls-error,,,,,
Fri Nov 06 11:58:59 2020 Restart pause, 5 second(s)

Based on the log it shows Certificate issues, please advise.



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Did you update the default certificate of the firewall? Ensure that there are no special characters in the certificate name or any other fields. Once you update the default certificate, delete the user certificate from the firewall, and download the configuration from the user portal, this process will re-generate the user certificate.

    Thanks,  

  • 0 in reply to FormerMember

    Few days ago its certificate error, but today i encounter something different, clients log as below:

    Mon Nov 09 11:54:54 2020 Restart pause, 5 second(s)
    Mon Nov 09 11:54:59 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Nov 09 11:54:59 2020 Attempting to establish TCP connection with [AF_INET]10.0.1.10:8443 [nonblock]
    Mon Nov 09 11:54:59 2020 MANAGEMENT: >STATE:1604894099,TCP_CONNECT,,,,,,
    Mon Nov 09 11:55:09 2020 TCP: connect to [AF_INET]10.0.1.10:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Mon Nov 09 11:55:09 2020 SIGUSR1[soft,init_instance] received, process restarting
    Mon Nov 09 11:55:09 2020 MANAGEMENT: >STATE:1604894109,RECONNECTING,init_instance,,,,,
    Mon Nov 09 11:55:09 2020 Restart pause, 5 second(s)
    Mon Nov 09 11:55:14 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Nov 09 11:55:14 2020 Attempting to establish TCP connection with [AF_INET]10.255.0.1:8443 [nonblock]
    Mon Nov 09 11:55:14 2020 MANAGEMENT: >STATE:1604894114,TCP_CONNECT,,,,,,
    Mon Nov 09 11:55:24 2020 TCP: connect to [AF_INET]10.255.0.1:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Mon Nov 09 11:55:24 2020 SIGUSR1[soft,init_instance] received, process restarting
    Mon Nov 09 11:55:24 2020 MANAGEMENT: >STATE:1604894124,RECONNECTING,init_instance,,,,,
    Mon Nov 09 11:55:24 2020 Restart pause, 5 second(s)
    Mon Nov 09 11:55:29 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Nov 09 11:55:29 2020 Attempting to establish TCP connection with [AF_INET]10.0.1.10:8443 [nonblock]
    Mon Nov 09 11:55:29 2020 MANAGEMENT: >STATE:1604894129,TCP_CONNECT,,,,,,
    Mon Nov 09 11:55:39 2020 TCP: connect to [AF_INET]10.0.1.10:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Mon Nov 09 11:55:39 2020 SIGUSR1[soft,init_instance] received, process restarting
    Mon Nov 09 11:55:39 2020 MANAGEMENT: >STATE:1604894139,RECONNECTING,init_instance,,,,,
    Mon Nov 09 11:55:39 2020 Restart pause, 5 second(s)
    Mon Nov 09 11:55:44 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Nov 09 11:55:44 2020 Attempting to establish TCP connection with [AF_INET]10.255.0.1:8443 [nonblock]
    Mon Nov 09 11:55:44 2020 MANAGEMENT: >STATE:1604894144,TCP_CONNECT,,,,,,

Reply
  • 0 in reply to FormerMember

    Few days ago its certificate error, but today i encounter something different, clients log as below:

    Mon Nov 09 11:54:54 2020 Restart pause, 5 second(s)
    Mon Nov 09 11:54:59 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Nov 09 11:54:59 2020 Attempting to establish TCP connection with [AF_INET]10.0.1.10:8443 [nonblock]
    Mon Nov 09 11:54:59 2020 MANAGEMENT: >STATE:1604894099,TCP_CONNECT,,,,,,
    Mon Nov 09 11:55:09 2020 TCP: connect to [AF_INET]10.0.1.10:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Mon Nov 09 11:55:09 2020 SIGUSR1[soft,init_instance] received, process restarting
    Mon Nov 09 11:55:09 2020 MANAGEMENT: >STATE:1604894109,RECONNECTING,init_instance,,,,,
    Mon Nov 09 11:55:09 2020 Restart pause, 5 second(s)
    Mon Nov 09 11:55:14 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Nov 09 11:55:14 2020 Attempting to establish TCP connection with [AF_INET]10.255.0.1:8443 [nonblock]
    Mon Nov 09 11:55:14 2020 MANAGEMENT: >STATE:1604894114,TCP_CONNECT,,,,,,
    Mon Nov 09 11:55:24 2020 TCP: connect to [AF_INET]10.255.0.1:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Mon Nov 09 11:55:24 2020 SIGUSR1[soft,init_instance] received, process restarting
    Mon Nov 09 11:55:24 2020 MANAGEMENT: >STATE:1604894124,RECONNECTING,init_instance,,,,,
    Mon Nov 09 11:55:24 2020 Restart pause, 5 second(s)
    Mon Nov 09 11:55:29 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Nov 09 11:55:29 2020 Attempting to establish TCP connection with [AF_INET]10.0.1.10:8443 [nonblock]
    Mon Nov 09 11:55:29 2020 MANAGEMENT: >STATE:1604894129,TCP_CONNECT,,,,,,
    Mon Nov 09 11:55:39 2020 TCP: connect to [AF_INET]10.0.1.10:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Mon Nov 09 11:55:39 2020 SIGUSR1[soft,init_instance] received, process restarting
    Mon Nov 09 11:55:39 2020 MANAGEMENT: >STATE:1604894139,RECONNECTING,init_instance,,,,,
    Mon Nov 09 11:55:39 2020 Restart pause, 5 second(s)
    Mon Nov 09 11:55:44 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Nov 09 11:55:44 2020 Attempting to establish TCP connection with [AF_INET]10.255.0.1:8443 [nonblock]
    Mon Nov 09 11:55:44 2020 MANAGEMENT: >STATE:1604894144,TCP_CONNECT,,,,,,

Children