- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- LAN Routing
- >
- MSR 20-40 SSL VPN
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-28-2011 07:05 AM
12-28-2011 07:05 AM
MSR 20-40 SSL VPN
Hi everyone!
I have a problem with the ssl certificate on MSR 20-40 router.
We have CA server. Router receives CA cert and then creates it's own cert based on CA cert.
Router tells that everything ok, but when I'm trying to open the ssl vpn page on a router Mozilla tells me : "sec_error_inadequate_cert_type".
IE tells nothing, it just don't open this page.
And this is not strange, because i found in routers local certificate "certificate purpose" > IPSEC IKE intermediate.
I just don't have any ideas about how to fix this problem.
Please HELP!
Regards,
Aleksei
- Tags:
- certificate
- vpn
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2012 04:05 AM
07-19-2012 04:05 AM
Re: MSR 20-40 SSL VPN
A device can't create its own cert based on a CA cert unless you were referencing generating a CSR, sending to the CA and then importing the CA's certificate. I'm assuming this is what you did for the remainder of this post.
The purpose of the certificate is not adequate for use with SSL, that certificate purpose is to be used as an IKE intermediate. The client device accessing is responsible for verifying both the validity of the certificate and the intended purpose of the certificate. Depending on the browser client security settings it will or won't display certain types of errors as you've discovered.
It doesn't sound like you're having a name mismatch as in the Subject Name of the certificate matches up with the FQDN or IP address of the certificate you had issued. You'd get a certificate warning in this case, but it should at least still work if you bypass the warning. This appears to be that the certficate generated is just not enough to be used to provide SSL service.
The certficate you're using should have a purpose of Digital Signature, Key Encipherment and Server/Client Authentication. If you're using a Windows based CA, the default web server template should provide these purposes for the certificate that is generated.