Auth portal cert error

My users receive certificate errors when they try to log in to the Firebox. I don't want them to ignore certificate errors. What can I do?

  • Greg Gilbraith

Answers

  • Hello,
    Even after installing the certificate for each user, I am getting the following error in the certificate: "the security certificate presented by this website was issued for a different website's address". Does anyone know the reason?

    Regards.

  • Yes. I tried to install the certificate in "Trusted Root Certificates Authorities", but even after that import, the issue continues. The browser now shows the certificate as valid, but the message of "NET::ERR_CERT_COMMON_NAME_INVALID" continues.

  • edited October 2021

    @Iscott said:
    Yes. I tried to install the certificate in "Trusted Root Certificates Authorities", but even after that import, the issue continues. The browser now shows the certificate as valid, but the message of "NET::ERR_CERT_COMMON_NAME_INVALID" continues.

    Exactly the same here. I finally got round to doing as instructed to fix it, only for it to continue saying NET::ERR_CERT_COMMON_NAME_INVALID

    Showing more information I get:

    "This server could not prove that it is x.x.x.x; its security certificate does not specify Subject Alternative Names."
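The check behind that message, sketched as an added example (not code from this thread or from WatchGuard): modern browsers such as Chrome match the address only against the certificate's Subject Alternative Names, and an IP address must appear as an IP-type entry. The input is a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificates, addresses and function names are constructed for illustration.

```python
import ipaddress

def san_entries(cert):
    """Split subjectAltName of a getpeercert()-style dict into DNS names and IPs."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips

def dns_matches(pattern, host):
    """Exact match, or a '*' that stands for exactly the left-most label."""
    p_labels, h_labels = pattern.split("."), host.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def check_portal_cert(cert, address):
    """Return (ok, reason) for the address users type to reach the portal."""
    dns, ips = san_entries(cert)
    if not dns and not ips:
        return False, "no Subject Alternative Names; the common name is not used"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        ip = None  # not an IP literal, so treat it as a DNS name
    if ip is not None:
        if ip in ips:
            return True, "IP address listed in SAN"
        return False, "IP address not listed as an 'IP Address' SAN entry"
    if any(dns_matches(p, address) for p in dns):
        return True, "DNS name listed in SAN"
    return False, "name not covered by any DNS SAN entry"

# Constructed sample certificates (not taken from a real Firebox).
CN_ONLY = {"subject": ((("commonName", "10.0.1.1"),),)}
WITH_SAN = {
    "subject": ((("commonName", "portal.example.com"),),),
    "subjectAltName": (("DNS", "portal.example.com"), ("IP Address", "10.0.1.1")),
}

if __name__ == "__main__":
    for name, cert in (("CN only", CN_ONLY), ("with SAN", WITH_SAN)):
        for addr in ("10.0.1.1", "portal.example.com", "fw.example.com"):
            print(name, addr, check_portal_cert(cert, addr))
```

Trusting the issuing CA and matching the name are separate checks, which is why a certificate imported as trusted can still fail on the address.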

  • What do you see if you use a web browser other than Chrome?

  • How did you resolve this issue? I am having the same issue right now.

  • edited March 26

    Have you imported the firewall Fireware web CA cert into your PC?

  • Yes, I did. Still not redirecting to the authentication page.

  • Here are some details; maybe it is a different issue.

    These are the policies that were set by the supplier.

    I have these users in Firebox-DB just for testing.

    I also have 2 aliases, server farm and office VLAN, so that they will be exempted for the testing. I made the IP of my test device separate from the office VLAN and the server farm.

    The test PC shows that it is not able to connect to the internet. :smile: That's good already, but what I wanted is to automatically redirect the user to the authentication portal at 4100, but it's not redirecting automatically.

    I checked the traffic management logs and this is the result.

    It seems that it is being denied at port 4102. Based on some forums, 4102 is the HTTPS redirect. It seems not to work. What could be wrong?

    Thank you, by the way, for the reply.

  • To address the "NET::ERR_CERT_COMMON_NAME_INVALID" shown in a web browser - see this video:

    Resolve Firebox Certificate Warnings
    https://www.watchguard.com/help/video-tutorials/Certs-Resolve_Errors/index.html

  • I just tried creating my own self-signed CA cert as per the video, and that does work for most web browsers, such as Chrome, Edge, Opera & Brave, but not for Firefox, as it has its own cert store.
    Even having the Firefox config option of security.enterprise_roots.enabled set to True, it didn't work as desired. I had to import the cert into the Firefox Authorities cert store or "Accept the risk and continue" which adds the cert to "Servers" store.

  • Hi, good day. Thank you for your help.

    I created the CA based on the video and also added it as a root cert. Still, I am facing the HSTS page.