VPN Concentrators and Microsoft Certificates

Unanswered Question
Sep 8th, 2009

I'm trying to install a certificate on the public interface on a VPN Concentrator 3020. The certificate installs just fine, but the problem is that once the Microsoft CA cert is installed the WebVPN website on the concentrator no longer comes up. I've tried this many times and each time I get the same result. The main reason I'm trying to use a Microsoft CA cert is because I need the cert signed with SHA-1 instead of MD5

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Yudong Wu Tue, 09/08/2009 - 09:20

Did you get any error message when you tried to access WebVPN?

When you install the new CA, make sure to use CN field correctly.

"Common Name (CN) field you need to fill this space with either an IP address or the DNS name of the interface, which must be similar to what you typed in the browser in order to make the SSL client connection."

brandon_leiker Tue, 09/08/2009 - 09:24

The only thing that happens is I get "Page Can Not Be Displayed" when I go to the WebVPN page.

brandon_leiker Tue, 09/08/2009 - 09:58

I don't receive a popup or anything. The webpage just doesn't come up. The message is "Internet Explorer cannot display the webpage". I'm running the lastest version of the software for the concentrator. If I change the certificate back to a self signed cert the page comes up right away.

Yudong Wu Tue, 09/08/2009 - 10:16

After you changed cert on VPNC, the client web browser should come up that certificate warning window unless you disabled it on purpose or the cert is trusted.

When the browser is trying to establish a SSL connection with a website, if the cert is untrusted, the certificate warning window will pop up.

In IE, Tools->Internet Options->Content Tab->Certificates->Trusted Root Certification Authorities tab, did you see your MS CA is listed there?

brandon_leiker Tue, 09/08/2009 - 10:22

The certificate is already trusted by the PC that I'm using. I'm creating a cert using my root Microsoft CA. I've attached the IE window that I get when I go to the webpage.

Yudong Wu Wed, 09/09/2009 - 06:16

Sorry, I don't know what else we could try. Can you open a TAC case to investigate this?


This Discussion