Page 1 of 1

OneConnect: Client stuck in "Connecting"/"Certificate trust error"

Posted: 14 May 2019, 08:42
by ansj
This FAQ applies to:
  • OneConnect client for Mac

Question:
This FAQ will answer two scenarios which have the same answer:
1. OneConnect gets stuck in "Connecting" state but I am able to connect to Clavister SSL VPN from Windows. How do I fix this?
2. I'm getting a "Certificate trust error" message when connecting OneConnect. How do I validate the certificate?


Answer:
Scenario 1 is possibly caused by a missing certificate even though no error message pops up. In order to verify if this is what's causing the issue, you could check the Client logs. To see logs from the client, go to the Console under Application and then filter for "OneConnect". If you see logs there complaining about "Unknown Certificate" you know that the problem is with the certificate.

To solve the certificate issue, use a browser to connect to the Firewall using HTTPS (e.g. for management). Then you will most likely get a certificate warning in your browser, export that certificate and save it into your Mac OS Keychain, then make sure OneConnect is set to trust this certificate. When this is done, OneConnect should trust the certificate and be able to connect successfully.

NOTE: If you are unable to save the certificate to your Mac from the browser, try using a different browser.