Client VPN fails when going through Web Security Services
Last Updated February 07, 2019
The client tries to connect from a protected network to a remote site using a third-party VPN client.
Access Method: IPsec.
SSL Interception is enabled.
"server certificate is invalid"
The VPN client implements SSL pinning. It requests the SSL certificate from the VPN concentrator over an HTTPS connection. Because SSL Interception is enabled in Web Security Services (WSS), the VPN client receives the WSS certificate instead, rejects it, and generates a "Server Certificate is invalid" error.
Create an SSL Interception Exemption for the VPN concentrator.
Service > Network > SSL Interception > SSL Interception Exemptions > Destinations > Add > New > IP/Subnet > add the concentrator's IP
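To confirm that interception is the cause and that the exemption covers every concentrator address, the following added example (not vendor code) compares the certificate fingerprint seen from the protected network with one recorded on an unintercepted path, and checks the exemption entries against the concentrator's IPs. The function names, addresses and fingerprints are constructed for illustration.

```python
import hashlib
import ipaddress
import socket
import ssl


def leaf_fingerprint(host, port=443, timeout=5.0):
    """SHA-256 of the certificate actually presented on this network path."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # diagnostic only: read the certificate
    ctx.verify_mode = ssl.CERT_NONE  # even when it would not validate
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def normalize(fp):
    """Accept 'AA:BB:..' or 'aabb..' fingerprint notation."""
    return fp.replace(":", "").replace(" ", "").lower()


def uncovered(concentrator_ips, exemptions):
    """Concentrator IPs not matched by any IP/Subnet exemption entry."""
    nets = [ipaddress.ip_network(e, strict=False) for e in exemptions]
    return [ip for ip in concentrator_ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]


def diagnose(presented_fp, expected_fp, concentrator_ips, exemptions):
    """Classify the state of the path between VPN client and concentrator."""
    if normalize(presented_fp) == normalize(expected_fp):
        return "ok: concentrator certificate reaches the client unmodified"
    missing = uncovered(concentrator_ips, exemptions)
    if missing:
        return "intercepted: add exemption for " + ", ".join(missing)
    return "mismatch: all IPs exempted, re-check expected fingerprint and exemption entry"


if __name__ == "__main__":
    # Constructed sample values: documentation address range, fake certificate bytes.
    pinned = hashlib.sha256(b"constructed concentrator cert").hexdigest()
    seen = hashlib.sha256(b"constructed proxy cert").hexdigest()
    print(diagnose(seen, pinned, ["203.0.113.10", "203.0.113.11"], ["203.0.113.10"]))
```

In practice, pass the output of `leaf_fingerprint()` run from the protected network as `presented_fp`, and the same call run from an unintercepted network as `expected_fp`.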