cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

An invalid or expired certificate was presented by the server

Alexander_Berg
Nimbostratus
Nimbostratus

Hi Guys!

 

So we are building a per-app VPN setup using Intune för iOS (iPADOS) units and we pushed out F5 Access app along with Intune F5 Access App which is then configured using F5 Access VPN profile using authentication with certificate which is pushed out to the device from internal CA using connector. Certificates for device is installed fine along side with root and intermediate, the profile in F5 Access app has all the settings correct and the certificate is listed.

 

On server side we also configured everything with access policy for iOS, we have added certificate for root and intermediate for trust and everything looks as it should but we seem to have missed something and are unable to initiate a VPN connection, the device attempts to start a VPN tunnel but failes to do so with error " An invalid or expired certificate was presented by the server"

 

What are we missing? Something with the ceritficates? a setting on device? something on server we missed adding the trust?

 

 

  • 2021-05-11,15:36:54:112, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:435, startTunnel(options:completionHandler:), ------------------------------------------------------------
  • 2021-05-11,15:36:54:112, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:436, startTunnel(options:completionHandler:), Release Version: 3.0.7
  • 2021-05-11,15:36:54:112, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:437, startTunnel(options:completionHandler:), Bundle Version: 3.0.7.402
  • 2021-05-11,15:36:54:113, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:438, startTunnel(options:completionHandler:), Build Date: Mon Sep 9 12:13:19 PDT 2019
  • 2021-05-11,15:36:54:113, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:439, startTunnel(options:completionHandler:), Build Type: CM
  • 2021-05-11,15:36:54:113, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:440, startTunnel(options:completionHandler:), Changelist: 3134102
  • 2021-05-11,15:36:54:114, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:441, startTunnel(options:completionHandler:), Locale: English (Sweden)
  • 2021-05-11,15:36:54:114, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:442, startTunnel(options:completionHandler:), ------------------------------------------------------------
  • 2021-05-11,15:36:54:117, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:451, startTunnel(options:completionHandler:), Connection Parameters: Optional("serverAddress: https://ourserver.adress.com, password: , ignorePassword: false, passwordExpirationTimeStamp: -1, passwordReference: not-set, passwordExpired: false, identityReference: set, postLaunchUrl: , webLogon: false, launchedByUriScheme: false, vpnScope: device, startType: manual, deviceIdentity: assignedId: ,instanceId: ,udid: ,macAddress: ,serialNumber: ")
  • 2021-05-11,15:36:54:229, 537,21259[com.apple.NSURLSession-delegate],PacketTunnel, 1, AsyncURLRequest.swift:186, urlSession(_:didReceive:completionHandler:), Server certificate can not be trusted.
  • 2021-05-11,15:36:54:233, 537,21259[com.apple.NSURLSession-delegate],PacketTunnel, 1, ProfileDownloadOperation.swift:94, main(), Profile download failed: sslInvalidServerCertificate
  • 2021-05-11,15:36:54:236, 537,10507[com.apple.root.default-qos],PacketTunnel, 1, SessionManager.swift:127, logon(connectionParams:completionHandler:), Failed to download Profile Settings...Error:sslInvalidServerCertificate
  • 2021-05-11,15:36:54:237, 537,10507[com.apple.root.default-qos],PacketTunnel, 1, PacketTunnelProvider.swift:527, startTunnel(options:completionHandler:), Failed to logon Error Domain=f5PacketTunnelProvider Code=0 "An invalid or expired certificate was presented by the server" UserInfo={NSLocalizedFailureReason=Error Domain=PacketTunnel.AsyncURLRequestError Code=5 "An invalid or expired certificate was presented by the server", NSLocalizedDescription=An invalid or expired certificate was presented by the server}
  • 2021-05-11,15:36:54:238, 537,10507[com.apple.root.default-qos],PacketTunnel, 1, PacketTunnelProvider.swift:383, displayMessageIfUIVisible, An invalid or expired certificate was presented by the server

 

Any thoughts be much appreciated!

 

Thanks in advance

Alex

1 REPLY 1

SanjayP
MVP
MVP

Don't have much experience with iOS app. But following article can be followed to troubeshoot clientside issues.

 

https://support.f5.com/csp/article/K29591125

 

To check, on server (F5) end please confirm if intermediate CA is correctly added in the clientssl profile and primary certificate is not expired. Simple test would be to open the browser and hit the URL to see if certificate is loading fine there.