If a user uses a self-signed certificate and checks “Certificate Verify” on the FerrumGate ZTNA client, it does connect to the VPN tunnel but it doesn’t send the device posture data (as expected), but no error is thrown on the agent. I believe that when certificate verification fails, the tunnel should disconnect (or maybe not even start connecting) and show a message to the user about it.
Hi Eduardo,
If certificate verification is on, then the client cannot create tunnels, because the web page does not open to authenticate. Please give me more details. How does this occur?
And we are working on a new version that will show the certificate error message more clearly to the user.
Hello,
The web page is shown normally even if the certificate isn’t trusted, and the user is authenticated just fine. I believe that attempting to check if the web page certificate is trusted before opening the login page isn’t the way to fix it, as it authenticates just fine ignoring the warning message in the browser, and some browsers (like Firefox) use a built-in certificate storage instead of using the system certificate storage.
The error happens only after the user authenticates successfully on the portal. It seems that when sending the device posture the certificate validation begins and it fails, but no message is shown to the user and it enters a certificate validation loop, but it still shows the client status icon as green.