Jump to content


Photo

SSL VPN in F300 - Java issue

Java SSL Certificate

Best Answer Gavin Chappell, 07 December 2016 - 03:15 AM

It's not clear what your issue is...this post in this forum suggests that you're having trouble with your HTTPS certificate protecting the web server on the F-series; this is out of our control whether Java allow these or not, although we would always recommend having a trusted certificate in place in order to take advantage of the trust provided by HTTPS. If you're having trouble specifically when you launch something requiring Java and it says the certificate has expired, then this is relating to the code signing certificate used within the product and can be fixed with Hotfix 810 for NGF 6.2.2 - https://login.barrac....2.2-115906.tgz

Go to the full post


  • Please log in to reply
2 replies to this topic

#1 Steve Begley

Steve Begley
  • Members
  • 15 posts

Posted 06 December 2016 - 04:55 PM

It appears that with the latest update to Java, anyone using a self-signed certificate for SSL VPN on a F-Series firewall is getting a prompt in Java that it is a security issue.  It further appears that by default Java is setting itself to "Very High" in "Security" by default.

 

I have experimented with the settings in Java, and by lowering it to "High" I can connect to the SSL VPN portal.  However, the client is dealing with a large distributed base of home users that makes doing this a large undertaking.

 

Is there a work-around that does not include changing the settings or purchasing a trusted certificate?  Have others experienced this, and if so how did you overcome it?

 

I am dual posting this in F Serie and also SSL VPN section of the support board.

Thanks,

 

Steve

 



#2 Gavin Chappell

Gavin Chappell
  • Moderators
  • 437 posts
  • LocationNottingham, UK

Posted 07 December 2016 - 03:15 AM   Best Answer

It's not clear what your issue is...this post in this forum suggests that you're having trouble with your HTTPS certificate protecting the web server on the F-series; this is out of our control whether Java allow these or not, although we would always recommend having a trusted certificate in place in order to take advantage of the trust provided by HTTPS. If you're having trouble specifically when you launch something requiring Java and it says the certificate has expired, then this is relating to the code signing certificate used within the product and can be fixed with Hotfix 810 for NGF 6.2.2 - https://login.barrac....2.2-115906.tgz



#3 Steve Begley

Steve Begley
  • Members
  • 15 posts

Posted 28 December 2016 - 05:56 PM

Gavin, just to let you know, the Hotfix 810 solved the issue with Java flagging the certificate as not signed or invalid.  Thanks for the help.

 

Steve