Failed server validation by individual certificate in SE 4.31

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
ethanolson
Posts: 11
Joined: Mon Dec 02, 2019 6:29 am

Failed server validation by individual certificate in SE 4.31

Post by ethanolson » Mon Dec 02, 2019 6:35 am

In the client, when attempting to validate the server with individual certificate, the safeguard is of none effect with SE 4.31. I tested an old certificate to validate when the server was issuing the new certificate (same CN, different key length) and it simply allowed the connection. This needs to be corrected.

cedar
Site Admin
Posts: 1205
Joined: Sat Mar 09, 2013 5:37 am

Re: Failed server validation by individual certificate in SE 4.31

Post by cedar » Wed Dec 04, 2019 7:37 am

Was the connection mode in TCP?
Aren't you using a VPN Azure service?

ethanolson
Posts: 11
Joined: Mon Dec 02, 2019 6:29 am

Re: Failed server validation by individual certificate in SE 4.31

Post by ethanolson » Fri Dec 06, 2019 3:02 am

No azure. It worked in the past but the newest SE client was tested and it doesn't validate when a CA cert is in the store. It's operating blind trust with no regard to the checkbox to validate server certificate explicitly even though a server cert is specified. Without the CA cert then it validates the specified certificate. I can work with that but do wish for a feature to choose explicit validation even with a trusted CA cert. Also, I wish it could support a 7680 bit certificate. Today it caps at 4096 bit. Oh well. I really like so much about SoftEther that I will definitely continue using it.

cedar
Site Admin
Posts: 1205
Joined: Sat Mar 09, 2013 5:37 am

Re: Failed server validation by individual certificate in SE 4.31

Post by cedar » Fri Dec 06, 2019 4:20 am

In my environment, dialog windows are shown when the server presents a certificate that is not the unique certificate specified in the connection settings.
[attachment=0]clipboard.png[/attachment]
You do not have the required permissions to view the files attached to this post.

Post Reply