Dynamic DNS certificate problem
Posted: Sat Dec 09, 2023 3:40 pm
I am trying to set up SoftEther and have run into a problem with dynamic DNS on my VPN server. For my global IP address it says
"Unable to trust the certificate provided by the destination server. The setting to always verify the server certificate is enabled in the VPN Connection Settings. Either register a root certificate that can be trusted or register a individual certificate."
That is odd so I look at our firewall. Our firewall is resigning the certificate for the dynamic DNS servers as "untrusted". Hmm very odd. In the logs the firewall lists the resigned certificate asIP Address 130.158.6.119 Resolved Domain xe.x4.servers.ddns.softether-network.net] but when I check the certificate online I get
Common name : ddns-register-1.sehosts.com
Alternative names (SANs) :
Organization: sehosts.com
Issuer : ddns-register-1.sehosts.com
Ahh thus my firewall problem that the resolved name doesn't match the certificate name and it gets resigned as untrusted by my firewall.
Where do I update the server address for the SoftEther dynamic DNS servers so I can use ddns-register-1.sehosts.com? Or does anyone have any other ideas? Turning off our firewall SSL protection is obviously not a solution.
Thanks!!!
"Unable to trust the certificate provided by the destination server. The setting to always verify the server certificate is enabled in the VPN Connection Settings. Either register a root certificate that can be trusted or register a individual certificate."
That is odd so I look at our firewall. Our firewall is resigning the certificate for the dynamic DNS servers as "untrusted". Hmm very odd. In the logs the firewall lists the resigned certificate asIP Address 130.158.6.119 Resolved Domain xe.x4.servers.ddns.softether-network.net] but when I check the certificate online I get
Common name : ddns-register-1.sehosts.com
Alternative names (SANs) :
Organization: sehosts.com
Issuer : ddns-register-1.sehosts.com
Ahh thus my firewall problem that the resolved name doesn't match the certificate name and it gets resigned as untrusted by my firewall.
Where do I update the server address for the SoftEther dynamic DNS servers so I can use ddns-register-1.sehosts.com? Or does anyone have any other ideas? Turning off our firewall SSL protection is obviously not a solution.
Thanks!!!