Problem chain certificate SSL in 2fa link url address

ez_
ez_ Posts: 4  Freshman Member
First Comment Second Anniversary
in Security

Hi,

problem in my firewall USG Flex 200 V5.38(ABUI.0) :

I created a csr certificate from "my certificates" and I purchased the certificate from Sectigo. I was able to import the certificate received as well as the 3 certificates in "trusted certificates"

image.png

I can see validation successful in "my certificate" when I double click on the certificate

CN=xxxxxxxxxxx
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Validation Result=successful

I configure the 2fa https url link

image.png

If I go the the 2fa url link with Chrome or Firefox, no problem to view the page

image.png

but if I enable kaspersky antivirus extension for my navigator I receive an warning like this

image.png

and if I check the 2fa url link with openssl I receive also a problem to verify chain certificate

openssl s_client -servername xxxxxxxxx -connect xxxxxxxxx:8888

CONNECTED(00000005)
depth=0 CN = xxxxxxxxxx
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = xxxxxxxxxx
verify error:num=21:unable to verify the first certificate
verify return:1

Certificate chain
0 s:/CN=xxxxxxxxxx
i:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA

If I go to

https://decoder.link/sslchecker/xxxxxxxx/8888 also I see an problem with intermediate certificate chain

image.png

or in

https://www.geocerts.com/ssl-checker

image.png

How can correct this problem ? Must I import the certificate in specific order ?

Thanks for your help.

All Replies

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)