Problem chain certificate SSL in 2fa link url address

ez_ Posts: 3  Freshman Member

Hi,

Problem on my firewall USG Flex 200 V5.38(ABUI.0):

I created a CSR from "my certificates" and I purchased the certificate from Sectigo. I was able to import the certificate received as well as the 3 certificates in "trusted certificates".

I can see validation successful in "my certificate" when I double click on the certificate:

CN=xxxxxxxxxxx
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Validation Result=successful

I configure the 2FA HTTPS URL link.

If I go to the 2FA URL link with Chrome or Firefox, there is no problem viewing the page,

but if I enable the Kaspersky antivirus extension for my browser I receive a warning like this

and if I check the 2FA URL link with openssl I also get a problem verifying the certificate chain:

openssl s_client -servername xxxxxxxxx -connect xxxxxxxxx:8888

CONNECTED(00000005)
depth=0 CN = xxxxxxxxxx
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = xxxxxxxxxx
verify error:num=21:unable to verify the first certificate
verify return:1

Certificate chain
0 s:/CN=xxxxxxxxxx
i:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA

If I go to https://decoder.link/sslchecker/xxxxxxxx/8888 I also see a problem with the intermediate certificate chain, or at https://www.geocerts.com/ssl-checker

How can I correct this problem? Must I import the certificates in a specific order?

Thanks for your help.
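Added example, not part of the original posts: a small Python parser that reads `openssl s_client` output like the one quoted above and reports which issuer certificates the server failed to send. The sample input is constructed from the post's output, with `vpn.example.test` as a placeholder for the redacted host name; the function names are illustrative.

```python
import re

# Constructed sample modelled on the s_client output quoted in the post;
# "vpn.example.test" is a placeholder for the redacted host name.
SAMPLE = """\
depth=0 CN = vpn.example.test
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = vpn.example.test
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
 0 s:/CN=vpn.example.test
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
"""

def parse_chain(text):
    """Return [(subject, issuer)] for each certificate the server sent."""
    chain, subject = [], None
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+s:(.*)$", line)
        if m:
            subject = m.group(1).strip()
            continue
        m = re.match(r"\s*i:(.*)$", line)
        if m and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def verify_errors(text):
    """Return the sorted OpenSSL verify error numbers present in the output."""
    return sorted({int(n) for n in re.findall(r"verify error:num=(\d+):", text)})

def missing_issuers(chain):
    """Issuers named by a sent certificate that were not sent themselves.
    Self-signed entries (subject == issuer) are roots and need no issuer."""
    sent = {subject for subject, _ in chain}
    return [iss for sub, iss in chain if iss != sub and iss not in sent]

def diagnose(text):
    """A chain is flagged incomplete when an issuer is absent AND OpenSSL
    reported error 20 or 21; an absent issuer alone may be a trusted root."""
    chain, errors = parse_chain(text), verify_errors(text)
    missing = missing_issuers(chain)
    return {"sent": len(chain), "errors": errors, "missing": missing,
            "incomplete": bool(missing) and bool({20, 21} & set(errors))}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

On the sample, only the leaf (depth 0) is presented and its Sectigo issuer is absent, which is why a client without that intermediate cached or installed cannot build the path.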

All Replies

  • Zyxel_Melen Posts: 2,098  Zyxel Employee

    Hi @ez_,

    Could you share the photos without the mosaic via private message? I will DM you for the request.

    Zyxel Melen




  • Zyxel_Melen Posts: 2,098  Zyxel Employee

    Hi @ez_,

    This is because of the 2FA authentication webpage design. The 2FA authentication can only be used after login; we assume it doesn't have too many security concerns. Therefore, this page is applied with the root certificate, not the full certificate chain.

    I have helped you create an idea post where we will monitor the votes and comments in this post for evaluation.

    Zyxel Melen

