Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 3378 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cisco VPN Client with Thawte SSL123

MadMaex
Hello,

we bought a Thawte SSL123 certificate yesterday an installed it in Sophos UTM 9.1.
The certificate is working for WebAdmin/User Portal, for TLS and so on, but if we try to use it for Cisco VPN Client following error occurs:
The certificate of the CA that issued the 'host.domain.com' certificate is needed.

The "Thawte Primary Root CA" and the intermediate CA "Thawte DV SSL CA" are both installed in "Certificate Management / Certificate Authority", as 2 CAs.

Please help!

Bye
Markus


This thread was automatically locked due to age.
Parents
  • 0
    Hello, Marc, and welcome to the User BB!

    You're right that it's not an issue of a broken connection, it's a connection that fails to establish.  The first place to start is with the IPsec log lines from a single connection attempt.  Also, just out of caution, check the Intrusion Prevention log to see if there's any Anti-DoS activity during the attempt.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi Bob, 

    thank you for your answer.

    I'm a little bit confused. I can't make an connection attempt to produce some logs. The problem occurs when I want to configure the UTM. I've attached an screenshot that shows the error message. I want to configure the Cisco-VPN-Remoteconnection to use a new server certificate. Certificate, CA and Intermediate are imported. No problem, no error. When I go back to the VPN-Setting and choose the new certificate and submit then the error message marked in the screenshot is shown. It's an 4096bit Wildcard-SSL-Certificate from StartSSL.

    The IPSec log is complete empty.


    Greets 

    Marc
Reply
  • 0 in reply to BAlfson
    Hi Bob, 

    thank you for your answer.

    I'm a little bit confused. I can't make an connection attempt to produce some logs. The problem occurs when I want to configure the UTM. I've attached an screenshot that shows the error message. I want to configure the Cisco-VPN-Remoteconnection to use a new server certificate. Certificate, CA and Intermediate are imported. No problem, no error. When I go back to the VPN-Setting and choose the new certificate and submit then the error message marked in the screenshot is shown. It's an 4096bit Wildcard-SSL-Certificate from StartSSL.

    The IPSec log is complete empty.


    Greets 

    Marc
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML