SSLVPN 'AM#1506 : SSLVPN Server certificate validation failed' error

  • 7002860
  • 30-Mar-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.X SSLVPN Server

Situation

An SSLVPN server is set up with Kiosk mode enabled.
The test-stunnel certificate has been assigned to the SSLVPN cert store.
All users can connect to the SSLVPN server in Kiosk mode and successfully access protected back-end applications.

One morning, about 10% of users reported issues connecting to the SSLVPN server. Instead of getting
the green 'connected' message, the users received the following message:

'AM#1506 : SSLVPN Server certificate validation failed'

Resolution

Make sure that all workstations have their time set correctly, i.e. that they are pointing to an NTP server.

The certificate assigned to the Kiosk mode SSLVPN server is the test-stunnel cert. The test-stunnel certificate (and all test-* certificates) is automatically renewed within 30 days of the certificate expiring. When the certificate was renewed, its NotValidBefore attribute was set to a time 2 days in the past. However, the client host's time was more than 2 days out, so the cert validation process failed. Pointing the host to a local NTP server addressed the issue.
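
To find out which workstations are affected before users report it, the renewed certificate's validity window can be compared with each host's clock error. The following is an added example, not Novell code: it parses the text printed by `openssl x509 -noout -dates` and flags hosts whose clocks fall before NotValidBefore (or after NotValidAfter). The certificate dates, host names and clock offsets are constructed sample values.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample: `openssl x509 -noout -dates` output for a certificate
# renewed on 30 Mar 2009 08:00 UTC with NotValidBefore backdated by 2 days.
SAMPLE_DATES = """\
notBefore=Mar 28 08:00:00 2009 GMT
notAfter=Mar 28 08:00:00 2011 GMT
"""
RENEWED_AT = datetime(2009, 3, 30, 8, 0, tzinfo=timezone.utc)

# Constructed sample: clock error per workstation (negative = clock is behind).
SAMPLE_OFFSETS = {
    "ws-01": timedelta(0),
    "ws-02": timedelta(days=-1),   # behind, but still inside the 2-day backdate
    "ws-03": timedelta(days=-3),   # more than 2 days behind
}

def parse_validity(dates_text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = dict(l.split("=", 1) for l in dates_text.strip().splitlines())
    def to_dt(value):
        return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)
    return to_dt(fields["notBefore"]), to_dt(fields["notAfter"])

def check_clock(client_now, not_before, not_after):
    """Classify how a client with this clock sees the certificate."""
    if client_now < not_before:
        return "not-yet-valid", not_before - client_now
    if client_now > not_after:
        return "expired", client_now - not_after
    return "valid", timedelta(0)

def failing_hosts(true_now, offsets, not_before, not_after):
    """Return {host: (status, gap)} for hosts that would reject the cert."""
    report = {}
    for host, offset in offsets.items():
        status, gap = check_clock(true_now + offset, not_before, not_after)
        if status != "valid":
            report[host] = (status, gap)
    return report

if __name__ == "__main__":
    nb, na = parse_validity(SAMPLE_DATES)
    for host, (status, gap) in failing_hosts(RENEWED_AT, SAMPLE_OFFSETS, nb, na).items():
        print(f"{host}: certificate {status}, clock outside window by {gap}")
```

A host reported as not-yet-valid has a clock earlier than NotValidBefore, which is the condition that produces the AM#1506 error after a renewal; correcting its time source clears it.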