Options

Server requested client certificate - not supported

Robert_VilhelmsenRobert_Vilhelmsen
edited September 2023 in Firebox - Certificates

Hi

When our secuirty software, Heimdal security, tries to access their proxy system, i am getting this error:

pxy server requested client certificate - not supported

The browser certificate warning, i am getting is on *.heimdalsecurity.com which works fine during normal browsing, but when the software does some kind of inspection on dns/tls connections, we sometimes get this error presented.

Testing heimdalsecurity.com with fairssl shows:
rDNS (192.124.249.38): cloudproxy10038.sucuri.net.

So i added cloudproxy10038.sucuri.net to a https filter and now it works as expected as the wg proxy is not involved. I guess the server software demands the heimdal client to present a certificate which is not a supported feature by wg proxy or?

Regards
Robert

Comments

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi Robert,

    It appears as if that software is trying to get the actual certificate and not the proxy authority certificate. If the proxy is set to inspect, it will not allow this. If your security software requires a connection that is not being inspected and resigned by the proxy, setting up an exception or packet filter would be valid ways to correct this.

    -James Carson
    WatchGuard Customer Support

  • Options
    Robert_VilhelmsenRobert_Vilhelmsen

    @james.carson

    Thanks, this make sense.

Sign In to comment.