Auth portal cert error
My users receive certificate errors when they try to log in to the Firebox. I don't want them to ignore certificate errors. What can I do?
- Greg Gilbraith
Best Answer
-
Eugene_ WatchGuard Representative
Hello Greg,
If you are trying to log into the firebox with the WebUI and getting a certificate error, this is expected. The firebox comes with self signed certificates for that are used to load web pages that are hosted on the firebox (i.e. WebUI, Authentication Portal, SSL VPN download page, etc).
To avoid getting the certificate error message in web loading one of the web pages hosted by the firebox you can do a few things.
1. Import the Self-signed Root CA certificate onto your computer (and/or use GPO to distribute the certificate to all computers on the domain)
2. Replace the Web Server certificate on the firebox with a 3rd party one that is signed by a Certificate Authority (CA).For more information on certificates, how they work and how they relate to the firebox please see the following video tutorial.
http://www.watchguard.com/help/video-tutorials/Certs-Intro/index.htmlIf you have a Web Server certificate signed by a CA, you can import it using the steps in the following documentation:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/thirdparty_webserver_certificate_c.htmlRemember when importing a Web Server certificate to import the Root CA and Intermediate certificates first!
Cheers,
Eugene Torre | Support Engineer
5
Answers
Hello,
Even installing the certificate for each user I am getting the following error in the certificate "the security certificate presented by this website was issued for a different website's address", does anyone know the reason?
Regards.
Yes. I tried to install the certificate in "Trusted Root Certificates Authorities", but even after that import, the issue continues. The browser now shows the certificate as valid, but the message of "NET::ERR_CERT_COMMON_NAME_INVALID" continues.
Exactly the same here. I finally got round to doing as instructed to fix it, only for it to continue saying NET::ERR_CERT_COMMON_NAME_INVALID
Showing more information I get :
"This server could not prove that it is x.x.x.x; its security certificate does not specify Subject Alternative Names. "
What do you see if you use a web browser other than Chrome?