"Authentication failed due to problem verifying server certificate." error while trying to connect to Anyconnect SSL VPN.

vishal3213208 · Jul 8, 2020, 4:14 AM

Hi Experts,

I am facing very weired issue and not able to find anything to resolve it. When I am trying to connect to anyconnect then I am getting "Authentication failed due to problem verifying server certificate." error after my credential authentication.
I trtied to find anything in alert page however not able to find anything. When I stop "pfBlockerNG DNSBL service" then it works absolutely fine. I tried adding server domain to DNSBL whitelist however it dosent seems to fix it.
Can soneone please suggest what I can do to fix this issue? I really dont want to un-install this package as it is working great otherwise.

Gertjan · Jul 8, 2020, 8:20 AM

@vishal3213208 said in "Authentication failed due to problem verifying server certificate." error while trying to connect to Anyconnect SSL VPN.:

pfBlockerNG

pfBlockerNG by itself does nothing. It's installed totally empty.
Then, you chose feeds and added them.

Your VPN client uses certs to connect, and these are verified before every usage.
It seems to me that IP(s) used check the certs are listed ina feed, and thus blocked ?
The IP's are not reachable ?
The cert info is wrong, so your issue is not related to pfBlockerNG at all.

@vishal3213208 said in "Authentication failed due to problem verifying server certificate." error while trying to connect to Anyconnect SSL VPN.:

I trtied to find anything in alert page however not able to find anything

Because pfBlockerNG isn' blocking ?

vishal3213208 · Jul 8, 2020, 9:00 AM

@Gertjan said in "Authentication failed due to problem verifying server certificate." error while trying to connect to Anyconnect SSL VPN.:

The cert info is wrong, so your issue is not related to pfBlockerNG at all.

@Gertjan
That is the problem I am not able to figure out what is the problem and where to look for it.

It seems to me that IP(s) used check the certs are listed ina feed, and thus blocked ? : I am not sure about it are you aware of any feed which does this or you can guide me where I can find that. I am using following feed in DNSBL:
EasyList
ADs
Malicious
BBcan177

The IP's are not reachable ? It is rechable because as I mentioned once I stop DNSBL service then it work perfectrly fine also there is no issue with cert.

Gertjan · Jul 8, 2020, 9:24 AM

@vishal3213208 said in "Authentication failed due to problem verifying server certificate." error while trying to connect to Anyconnect SSL VPN.:

and thus blocked

Blocked IP's are shown on the report page / alert and or DNSBL
Up to you to check who / which device was using that Ip - was it pfSense itself ?
The IP must be in one of your feeds used.