Client VPN fails when going through Web Security Services


Article ID: 170452


Updated On:

Products

Web Security Service - WSS

Issue/Introduction

A client tries to connect from a protected network to a remote site using a third-party VPN client. The connection fails with the error:

"server certificate is invalid"

Cause

The VPN client implements SSL pinning. It requests the SSL certificate from the VPN concentrator over an HTTPS connection. Because SSL Interception is enabled in the Web Security Services (WSS), the VPN client receives the WSS certificate instead of the concentrator's, rejects it, and generates a "Server Certificate is invalid" error.

Environment

Access Method: IPsec.
SSL Interception is enabled.

Resolution

Create an SSL Interception Exemption for the VPN concentrator.

Service > Network > SSL Interception > SSL Interception Exemptions > Destinations > Add > New > IP/Subnet > add the concentrator's IP
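
To confirm from a protected client that the exemption took effect, the following added example (not part of the original article or any vendor tooling) fetches the certificate actually presented for the concentrator and compares it with a pin. It assumes the pin is the SHA-256 fingerprint of the concentrator's leaf certificate, recorded from a network that is not intercepted, and that the concentrator answers HTTPS on port 443; all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl
import sys

# Constructed stand-ins for DER certificates (not real certificates).
SAMPLE_CONCENTRATOR_DER = b"constructed-concentrator-leaf-cert"
SAMPLE_WSS_DER = b"constructed-wss-interception-cert"

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AA:BB:...', spaced, or plain hex; reject anything else."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned

def pin_matches(presented_der: bytes, pinned_fp: str) -> bool:
    """Comparison a pinning client makes (assumption: leaf SHA-256 pin)."""
    return hmac.compare_digest(fingerprint(presented_der), normalize(pinned_fp))

def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate actually presented, without validating it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # show the cert even if it is untrusted
    ctx.verify_mode = ssl.CERT_NONE  # diagnostic only; the pin is the check
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def diagnose(presented_der: bytes, pinned_fp: str) -> str:
    if pin_matches(presented_der, pinned_fp):
        return "OK: pinned concentrator certificate received"
    return ("MISMATCH: presented fingerprint " + fingerprint(presented_der)
            + " is not the pin; check the SSL Interception exemption")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <concentrator-ip> <pinned-sha256>
        print(diagnose(fetch_leaf_der(sys.argv[1]), sys.argv[2]))
    else:                   # offline demo on the constructed samples
        pin = fingerprint(SAMPLE_CONCENTRATOR_DER)
        print(diagnose(SAMPLE_CONCENTRATOR_DER, pin))
        print(diagnose(SAMPLE_WSS_DER, pin))
```

A mismatch after the exemption is in place can also mean the concentrator's certificate was renewed, so re-record the pin before concluding that interception is still active.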