Hi,

This first error message means that the device certificate for the SA is not recognised as valid.
It is either a self signed certificate or the the most common issue is that the Issuer certificate is not trusted by the SA.
Also the client machine does not know the CA since its not a well known or approved CA.

Tthe second error message cause is the SA device certficate is generated for a hostname and you might be trying
to access the SA admin/user UI through Ip address.

The recommedned configuration to overcome the issue is:

1. Raise a CSR and get the device certfiicate from a thirdparty CA, also get the complete CA path certfiicates if there is any intermediate CA's.

2. you can add "Trust" by obtaining a the issuing CA certificate for the SA and import the issunig CA certificate (or certificate chain if there are subordinates) under:
Configuration > Certificates > Trusted Servers CA.

Hope this resolves your query.

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

hi how to raise the CSR?

how to get device certificate from thirdparty ca?

what is intermediate ca?

how do you connect: ip or name? if you use ip, it will always show the name mismatch.

if you are using name but the certificate is self-signed, or from some other certificate authority, you will receive that portion of the failure

we use name when connect.. please help

right now you are connecting to a different server name AND it is not trusted.

the latter will happen if you are using a self-signed cert.

can you send me the site you are connecting to OR open a JTAC case to move forward?

i have solved this issue by generated cert from www.selfsigncertificate.com and installed to juniper sa.

thank you for the update and information; glad to hear it is working for you