Certificate errors while accessing the SonicWall web management (GUI)
01/16/2024 133 People found this article helpful 498,948 Views
Description
Certificate Errors while accessing the SonicWall web management.
The browser displays one of the following warnings with the SSL certificate of the SonicWall:
- Untrusted Certificate
- Certificate Invalid
- Mismatched Address
- There is a problem with this website’s security certificate.
When you click on the view certificates; it shows a red cross on the certificate and invalidates it.
This error message is a normal behavior with the self-signed certificate of SonicWall because IE does not treat SonicWall as a trusted CA.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
To get rid of these error messages make sure that
- A valid certificate signed by a trusted Certificate Authority or third party CA can be installed on the SonicWall device.
- The common name on the SonicWall certificate should be same as the unit's fully qualified domain name (FQDN).
To verify this:
Navigate to DEVICE | Settings | Administration | Management page to make sure that you are using the correct certificate. Also, common name is matching with the unit's fully qualified domain name.
NOTE: If the time stamp on the certificate is invalid or the certificate is expired; get a new certificate from the CA.
TIP: If the self-signed certificate is being used make sure the Certificate Common name is set as the IP address used to manage the firewall e.g, in above case firewall is managed via LAN IP 192.168.168.168.
With the recent browser's and OS security updates it is no longer possible to avoid the warning message by installing the self-signed certificate on the client.
To avoid the warning message it is better to request a new certificate on the SonicWall and sign it with a trusted CA.
Please follow the KB article: How do I generate a new SSL certificate from my SonicWall firewall?
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
To get rid of these error messages make sure that
- A valid certificate signed by a trusted Certificate Authority or third party CA can be installed on the SonicWall device.
- The common name on the SonicWall certificate should be same as the unit's fully qualified domain name (FQDN).
To verify this:
Navigate to MANAGE | Appliance | Base Settings page to make sure that you are using the correct certificate. Also, common name is matching with the unit's fully qualified domain name.
NOTE: If the time stamp on the certificate is invalid or the certificate is expired; get a new certificate from the CA.
TIP: If the self-signed certificate is being used make sure the Certificate Common name is set as the IP address used to manage the firewall e.g, in above case firewall is managed via LAN IP 192.168.168.168.
With the recent browser's and OS security updates it is no longer possible to avoid the warning message by installing the self-signed certificate on the client.
To avoid the warning message it is better to request a new certificate on the SonicWall and sign it with a trusted CA.
Please follow the KB article: How do I generate a new SSL certificate from my SonicWall firewall?
Related Articles
Categories