Revoked certificate
Hi all
I've currently got a certificate issue on the WG that I'd like some advice on. We have an M390 with an SSLVPN portal set up where users can go and log in and download the VPN client.
A few weeks ago it appears something happened to the certificate and now the site is coming up with 403 Forbidden when accessed.
The current wildcard certificate that we use for our other sites is valid and expires in August 2025. I tried to import the current cert again using WSM and WebUI but it is coming up as Revoked. I thought it may have been an old expired cert or a copy that was revoked (which doesn't make sense since all our other sites are still working fine) but nonetheless duplicated the current wildcard cert from our 3rd party cert provider portal and tried importing, yet it still came up as revoked.
I downloaded the CRL, and the serial number for our cert is on the list and the date of revocation is August 2024, which was also puzzling, since the site definitely hasn't been down for that long.
I haven't tried generating a fresh CSR and going through that process yet; I thought importing a valid duplicate of the wildcard would be enough, but apparently not.
If anyone could provide some suggestions on how to proceed from here, that would be great. Our current wildcard is definitely valid, but I can't explain how it is on the CRL. I have a fairly basic knowledge of certificates, so I'm currently stuck on how to proceed from here.
Next step - CSR request from the WSM/WebUI maybe?
Thank you
Comments
I am looking at the same issue. This appeared after I updated our Fireboxes last week. Now, for all devices, I get the 403 Forbidden site where the login portal was before.
From the V12.11 Release Notes:
This release removes the Mobile VPN with SSL Client download page from the Firebox. [FBX-27548]
The SSLVPN download page no longer exists.
You can find the SSLVPN clients to download in the downloads page for each firewall at software.watchguard.com
For example, the page for the M290:
https://software.watchguard.com/SoftwareDownloads?current=true&familyId=a2R6S000000NkiTUAS
You can right click -> Copy link if you need to distribute this to any customers; no logon is required to get the client from our downloads page.
If you need the OVPN file, please follow these steps to download it from your firewall:
(Use Mobile VPN with SSL with an OpenVPN Client)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_ovpn_profile_c.html
-James Carson
WatchGuard Customer Support
Thanks guys, yeah this got me, I skimmed over the release notes, apparently a little too quickly it seems. Thank you, mystery solved.
On a Windows machine, I grabbed the support files and got the client.wgssl file and that loaded the Mobile SSL client and it all worked. Just using the ipaddress:4443 (which is our port we're using) didn't seem to connect.
OVPN for connections from iPhone and Android, is this correct?
Correct, for the OpenVPN client
Thanks Bruce.