SSL Certificate Issuer shows as an alphanumeric string

I correctly issued and installed (several times to be honest) the certificates.
The website is correctly secured and works fine, until I connect to my corporate VPN using Pulse Secure.
Using the same connection, other websites secured with Let’s Encrypt certificates (like this forum) are working correctly, but mine, https://gsdprague.com, is not.
I reckon that the issue lies in the fact that, when connected to the VPN, the “Issued by” field of the certificate appears as an alphanumeric string instead of “Let’s Encrypt Authority X3”.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: gsdprague.com / hivemind.gsdprague.com

I ran this command: n/a

It produced this output: n/a

My web server is (include version): Apache/2.4.38

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: VPS resides on DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Webmin 1.930

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0 (for hivemind.gsdprague.com I manually installed and configured everything, but the issue is the same)

Hi @gabrieletesser

That’s not a Let’s Encrypt certificate.

That’s a certificate created by a virus scanner or something else that tries to break the SSL connection.

So you don’t see the Let’s Encrypt certificate. Remove that virus scanner or remove something like “deep inspection”.

PS: Letsencrypt certificates are 90 days valid -> too long.

Actually, I see it just fine.

https://www.ssllabs.com/ssltest/analyze.html?d=gsdprague.com&hideResults=on&latest

Hi @JuergenAuer,

Regarding the above, I thought it could be something related to security features of the corporate VPN.
This problem occurs only when I am connected with Pulse; when I attempt the connection from any other network (mobile, home, office), it works flawlessly.

What I don’t understand is why other websites secured with Let’s Encrypt certificates do not have this issue.

I’ve been trying to change the Apache configuration a bit, but none of the configs I tried actually worked.

Maybe I’m missing something in the server configuration?

Maybe Pulse is inspecting websites according to some kind of categorization.

You might want to try OONI Probe (some risks involved).

It’s not your server, your server is fine - see https://check-your-website.server-daten.de/?q=gsdprague.com

You have some errors, but these are not the problem of that Certificate, that’s not a LE certificate.

It’s a problem of the client or an instance between that client and your server.

The fact that it begins with “FGT” might mean it’s a FortiNet FortiGate device, for what it’s worth.
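Added example, not part of any post in this thread: a Python sketch that compares the certificate a network path presents with the one installed on the server, so the substitution described above can be confirmed by running it once on the VPN and once off it. The function names, the script name and the reference PEM argument are assumptions of this example.

```python
import hashlib
import socket
import ssl
import sys

PEM_FOOTER = "-----END CERTIFICATE-----"


def fetch_leaf_der(host, port=443, timeout=10.0):
    """Return the DER bytes of the certificate this network path presents.

    Validation is off on purpose: the aim is to read the certificate,
    including one minted by an inspecting middlebox, not to trust it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def first_cert_der(pem_text):
    """DER bytes of the first certificate in a PEM file (leaf of a chain)."""
    head, sep, _ = pem_text.strip().partition(PEM_FOOTER)
    if not sep:
        raise ValueError("no PEM certificate found")
    return ssl.PEM_cert_to_DER_cert(head + sep)


def path_verdict(reference_pem, observed_der):
    """Compare SHA-256 fingerprints of the reference and observed leaf."""
    expected = hashlib.sha256(first_cert_der(reference_pem)).hexdigest()
    observed = hashlib.sha256(observed_der).hexdigest()
    return {"expected": expected, "observed": observed,
            "match": expected == observed}


if __name__ == "__main__":
    # Usage (hypothetical file name): python3 check_path.py HOST REFERENCE.pem
    # REFERENCE.pem is a copy of the certificate file installed on the server.
    host, ref_path = sys.argv[1], sys.argv[2]
    with open(ref_path) as fh:
        result = path_verdict(fh.read(), fetch_leaf_der(host))
    print(result)
    sys.exit(0 if result["match"] else 1)
```

A mismatch on the VPN together with a match from another network points at a device on the VPN path replacing the certificate; a mismatch everywhere more likely means the reference file is stale after a renewal.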

Hi @mnordhoff,

That’s a useful piece of info indeed. If I choose to proceed to the website anyway, I receive the following message from FortiGuard Web Filtering.

And there is no workaround, I guess, from my side, apart from requesting the classification for the domain. Am I right?

That depends on what you are using the VPN for.

You need to configure it to do split tunnel and only send the minimum possible traffic through the VPN.
