HTTPS CERTIFICATE CONFIG

MrLou_
Occasional Contributor

I have an SA4500 on which I am attempting to secure the http:// connection.

 

My vpn public connection looks like this once accessed from the public ip address.

 

http error.JPG

 

A device CSR was generated, sent to a reputable certificate issuer and was returned. This certificate was uploaded to the SA4500. A trusted client certificate was also uploaded successfully. Trusted server CAs were also added.

 

The device certificate was added to the external port and config saved successfully.

 

csr.JPG

 

All of this done, I am still getting an "unsecured" connection to my public IP address.

 

Any insight on what I may be doing incorrectly?

 

Thanks in advance for any and all comments.

2 REPLIES
spuluka
Super Contributor

Re: HTTPS CERTIFICATE CONFIG

The certificate should be applied to the port that your DNS entry resolves to. If you are using the external port or creating a VIP for the sign-in page, this is where the certificate should be applied.

 

Check your browser error message for the cert.  There are three reasons it can fail and you need to know which one is the issue.  Depending on which one fails there will be different steps.  You can also confirm by this that you are indeed seeing the correct certificate you purchased so that you know it is installed correctly on the SA4500.

 

  1. URL name must match the name in the certificate
  2. The client computer running the web browser must trust the CA that issued the certificate
  3. The date on the certificate cannot be in the past based on the client computer clock running the browser
Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home
zanyterp_
Respected Contributor

Re: HTTPS CERTIFICATE CONFIG

Connecting by IP will _always_ give you an untrusted error as that is not a valid entry in the certificate. If you were somehow able to get the certificate issued to your IP address then this would be a problem; but because your IP will, most likely, never match your CN/DN/SN/hostname of your certificate, that is correct behavior.
Is the correct name/certificate being presented?
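
The name and date checks from the replies above, as an added example that is not part of the original thread. It works on a constructed certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the hostname `vpn.example.com` and the address `203.0.113.10` are placeholders. It matches names against subjectAltName entries only, and the CA trust check is not reproduced because it depends on the client's trust store.

```python
import ipaddress
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "vpn.example.com"),),),
    "subjectAltName": (("DNS", "vpn.example.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

def name_matches(cert, target):
    """True if target (a hostname or an IP literal) is covered by the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with "IP Address" entries, never DNS names.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    host = target.lower().rstrip(".")
    for kind, pattern in sans:
        if kind != "DNS":
            continue
        pattern = pattern.lower()
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label.
        if pattern.startswith("*.") and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def diagnose(cert, target, now):
    """Return the failed checks for a client connecting to target at time now."""
    problems = []
    if not name_matches(cert, target):
        problems.append("name mismatch")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

if __name__ == "__main__":
    import time
    for target in ("vpn.example.com", "203.0.113.10"):
        print(target, diagnose(SAMPLE_CERT, target, time.time()))
```

The `now` argument is the clock of the client doing the check, so a wrong client clock produces a date failure even for a certificate that is in its validity period.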