SSL VPN with iOS and Azure SSO - wildcard certificate?
Hello
We have a FortiGate 100E and were able to make SSL VPN connections from iOS with the app with Azure SSO authentication.
But at the moment it is not working. I guess since an iOS update.
We are using a wildcard cert for the SSL VPN on the 100E.
Could it be that iOS is not accepting a wildcard cert and I need to switch to a single one?
Error is "Untrusted Connection This Connection is untrusted. press OK to continue" - at ok, nothing happens.
Thank you.
David
Labels: FortiClient
Does the iOS device trust the CA and intermediate CAs that signed the certificate? Is this a public or private CA? Why use a wildcard at all?
Yes, it is trusted. It is a public one.
Why should I not want to use a wildcard cert?
Because I already bought it, and it is easier to manage one instead of multiple.
In the meantime I asked Fortinet Support.
They told me that the "latest" iOS version that is supported by the FortiClient app is 14.
https://docs.fortinet.com/document/forticlient/7.0.0/ios-administration-guide/394867
I think this is crazy, I cannot believe it.
That is correct. I suspect this is due to all of the security changes Apple has made in versions since iOS 14 (mainly certificate trust/use!). VPN, certificates, etc. are notoriously difficult for mobile devices. This is especially true when you aren't using an MDM.
