When a User Accesses the SSL VPN Gateway, the Browser Displays the Warning "There is a problem with this website's security certificate."
This section describes how to eliminate the warning "There is a problem with this website's security certificate." displayed on the browser after a user enters the gateway address.
Symptom
A user enters the SSL VPN gateway address in the address bar of a browser and press Enter. The warning There is a problem with this website's security certificate. is displayed.
Possible Causes
Cause 1: The CA certificate corresponding to the local certificate on the virtual gateway is not installed on the client.
Cause 2: The common name of the local certificate on the virtual gateway is different from the IP address or domain name of the virtual gateway.
Procedure
- Cause 1: The CA certificate corresponding to the local certificate on the virtual gateway is not installed on the client.
Download and install the CA certificate as prompted by the virtual gateway.
- Cause 2: The common name of the local certificate on the virtual gateway is different from the IP address or domain name of the virtual gateway.
Reapply for or make the local certificate and CA certificate and import them to the FW using any of the following methods (the methods can clear the certificate security alarms):
- Method 1: Apply for the local certificate and CA certificate from a well-known certificate issuing authority. You need to provide the IP address or domain name of the virtual gateway for the certificate issuing authority to issue the local certificate.
- Method 2: Use a certificate generation tool, such as XCA, to make the local certificate and CA certificate. When making the local certificate, set the Common Name field to the IP address or domain name of the virtual gateway.
- Method 3: Configure a certificate request file and apply for the local certificate and CA certificate. For details on how to configure a certificate request file, see Local Certificate. Set Common Name of the local certificate to the IP address or domain name of the virtual gateway.
If you do not want to use any of the preceding methods, you can add the IP address or domain name of the virtual gateway to the trust side to clear the certificate security alarm. However, this method brings security risks. Excise caution when using this method.