Troubleshooting Wireless Guest Clients that shows an error “Certificate is untrusted”

Symptoms

  • Connecting a wireless guest clients shows an error message saying the Certificate is untrusted

Here is an example from one the client device:
fig 1.png

Cause:

  • This article provides troubleshooting steps and identifies issues with SSL certificates

Troubleshooting:

Ensure your cnMaestro needs to host a certificate from a trusted certificate authority and map the FQDN (fully qualified domain name.

Custom certificates that are provided by external or internal sources generally are multi-part entities. In addition to the Host Certificate (the certificate with the name of the URL that users are going to use to connect) there will be a root and possibly an intermediate certificate. To be valid, the complete chain of certificates must be available on the cnMaestro.

Ensure the client device has the root and intermediate certificates installed. We could make use of the online tool to cross verify the certificate for all browser compatibility by running an external SSL checker on the imported certificate.

You need to take the guest webpage URL or even the cnMaestro URL and paste it on the external SSL checker to verify the imported certificate.

Here is an examples Guest web page and cnMaestro URLs from my lab server:

There is a very good online tool which is free to use and does help most of the times when someone has different behavior for a SSL certificate by a server on various browsers.

https://www.sslshopper.com/ssl-checker.html

Here is an example screen shot of the certificate verification:

fig 2.png

Here is a message when intermediate certificate is missing:

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GoDaddy's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates.

Note:

                If your cnMaestro users (administrators) receive an SSL error message, please upload valid certificate and also refer to below community link for more information.

https://community.cambiumnetworks.com/t5/cnMaestro/Concatenate-the-CA-Signed-Certificates-with-Internal-amp/m-p/112883#M97