Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 36 replies
  • Subscribers 1 subscriber
  • Views 57524 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN - Not working after upgrade to UTM 9

TheExpert
Hello together,

I upgraded from ASG 8.305 to UTM 9. When wanting to connect via SSL VPN I see the following error in the Log of the SSL VPN client which is updated, too:

VERIFY X509NAME ERROR: C=de, L=***, O=*** Mössner, CN=***, emailAddress=***, must be C=de, L=***, O=*** Mössner, CN=***, emailAddress=***

You can see that there is difference for the "O" field. The certificates were imported from the ASG installation where the SSL VPN worked fine.

When looking into the certificates on the UTM 9 and on the client, the "O" field looks good, there is no problem with vowel mutation.

So my question is: Which certificate is presented with the wrong information? Is it the certifacte of the SSL VPN client or is it the CA certificate of the UTM 9 and what can I do to correct the issue without resigning the HTTPS proxy certificate and all the other certificates?

Thank you

TheExpert


This thread was automatically locked due to age.
Parents
  • 0
    So, it looks like the cert & CA are fine, but that the UTM isn't getting auth for your user.  That could be because you have a Backend Group in 'Allowed users' in the SSL VPN and the group can't be resolved because the UTM can't communicate with the server.  Have you checked that?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi!

    I also upgraded from 8.305 to V9 and have the exact same error and cannot resolve it.

    Looking forward to hear your answer [:)]

    Regards Martin

    EDIT: ***
    I just looked in the log, there was an entry at TLS where it wrote the path and "must be" and an other path, i typed that path in the ovpn config file and now it works..odd!?

    I have redownloaded the vpn package from portal again and the error comes again, perhaps the astaro software did build some wrong packages??

    is it possible to force new packages again??

    Regards Martin

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

  • 0 in reply to twister5800
    Wasn't there a change in handling national characters (german Umlaute) in the new SSL VPN?
Reply Children
  • 0 in reply to papa__01
    Hello together,

    I don't have a directory service where the user will be authenticated. So the authentication is using the local database on the UTM.

    And I don't use a group for the allowed users. My only two users are listed as separate entries.

    Thank you

    TheExpert

    Kind Regards

    TheExpert

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML