Problem about Trusted Server CAs

Wilmer_
Occasional Contributor

Problem about Trusted Server CAs

Juniper SSLVPN is an HTTPS website, right?

When using HTTPS, the browser makes a request to the server and the server returns its certificate and the CA signature.

The browser will verify whether the CA can be trusted.

I tried the following steps:

Issue a CSR and have it signed by my company's internal CA, export the root CA from the signed cert, then, from the Juniper SA Trusted Server CAs configuration page, I trust my internal CA by installing this exported root cert.

Then I tried to log in to this Juniper SA from my home PC, and no warning message was shown any more. My question is this:

As in the verification process I mentioned above, if the verification is done by the endpoint PC instead of the HTTPS server (in this case, the Juniper SA), why, after I configured the SA to trust my internal CA, does the end PC no longer show a warning message in the browser?

I have tried this on several SSLVPN appliances and got the same result.

4 REPLIES 4
jayLaiz_
Super Contributor

Re: Problem about Trusted Server CAs

Hi,

 

Does the browser have the trusted root cert installed under trusted root CAs?

 

Thanks,

Jay

dcvers_
Regular Contributor

Re: Problem about Trusted Server CAs

If you are using Web rewriting, then it is the Juniper appliance that connects to the internal web sites, and so it is the appliance that has to trust the CA that issues the internal sites' certificates. As you have added the CA's certificate to the Trusted Server list on the appliance, this is why you no longer see the warning.

NULL_
Contributor

Re: Problem about Trusted Server CAs

Hi Wilmer,

 

There are actually two possibilities :-)

 

  • The CA which signed the certificate is itself signed by a trusted public CA (the browser's default trusted CAs)
  • You have installed your company's CA on this private computer

To verify these possibilities, have a look at the certificate chain of this specific certificate.

 

Another possibility would be that you have trusted this certificate before (you'll see a warning in the certificate chain / certificate details).

 

Hope this helps

Best Regards

NULL
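
The two separate trust decisions raised in the replies above (the browser checking the appliance's certificate, and the appliance checking an internal site's certificate during web rewriting), shown as an added example that is not part of any poster's reply. It assumes the `openssl` CLI is installed; the CA names and host names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All names below are constructed; assumes the openssl CLI.

# make_ca DIR NAME: create a self-signed root CA (NAME.key, NAME.pem) in DIR.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue DIR CA CN: generate a key and CSR for CN, then sign the CSR with CA.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# trusts STORE CERT: print "trusted" if CERT chains to a root in STORE.
trusts() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

# demo: print the three verification results, space separated.
demo() {
  d=$(mktemp -d)
  make_ca "$d" Internal-CA
  make_ca "$d" Other-CA    # stand-in for the public roots a browser ships with
  issue "$d" Internal-CA sa.example.test        # the appliance's device cert
  issue "$d" Internal-CA intranet.example.test  # a backend site behind it
  # Home PC browser whose store lacks the internal CA, checking the appliance:
  r1=$(trusts "$d/Other-CA.pem" "$d/sa.example.test.pem")
  # Appliance (Trusted Server CAs = internal CA) checking the backend site:
  r2=$(trusts "$d/Internal-CA.pem" "$d/intranet.example.test.pem")
  # Same browser after the internal CA is added to its own store:
  cat "$d/Other-CA.pem" "$d/Internal-CA.pem" > "$d/pc.pem"
  r3=$(trusts "$d/pc.pem" "$d/sa.example.test.pem")
  rm -rf "$d"
  echo "$r1 $r2 $r3"
}

demo
```

Each result depends only on the trust store of the party doing the verification, so comparing the issuer chain shown in the browser with the roots installed on that PC identifies which case applies.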

zanyterp_
Respected Contributor

Re: Problem about Trusted Server CAs

What are you seeing failure against: the IVE web page or internal servers via web rewrite?