Server requested client certificate - not supported

Hi

When our secuirty software, Heimdal security, tries to access their proxy system, i am getting this error:

pxy server requested client certificate - not supported

The browser certificate warning, i am getting is on *.heimdalsecurity.com which works fine during normal browsing, but when the software does some kind of inspection on dns/tls connections, we sometimes get this error presented.

Testing heimdalsecurity.com with fairssl shows:
rDNS (192.124.249.38): cloudproxy10038.sucuri.net.

So i added cloudproxy10038.sucuri.net to a https filter and now it works as expected as the wg proxy is not involved. I guess the server software demands the heimdal client to present a certificate which is not a supported feature by wg proxy or?

Regards
Robert

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi Robert,

    It appears as if that software is trying to get the actual certificate and not the proxy authority certificate. If the proxy is set to inspect, it will not allow this. If your security software requires a connection that is not being inspected and resigned by the proxy, setting up an exception or packet filter would be valid ways to correct this.

    -James Carson
    WatchGuard Customer Support

  • @james.carson

    Thanks, this make sense.

Sign In to comment.