Troubleshooting Per-App VPN in VMware Tunnel: Remediation Steps

Remediation Step for Certificate Mismatch in VMware Tunnel

Question

An administrator is troubleshooting the Per-App VPN function in the VMware Tunnel and runs the following command: openssl s_client -showcerts -connect <TunnelHostname>:8443

They notice that the response is the certificate from their firewall and not the certificate from the Tunnel server.

What remediation step should be taken?

Answers

Explanations


A. B. C. D.

C.

The command "openssl s_client -showcerts -connect <TunnelHostname>:8443" is used to establish a connection to the specified Tunnel server and display the server's SSL/TLS certificate information. The fact that the response is showing the certificate from the firewall instead of the Tunnel server indicates that the SSL/TLS traffic is not properly being routed through the Tunnel.

To remediate this issue, option C is the correct answer: "The VMware Tunnel should be re-configured to trust the certificate from the firewall." This means that the SSL/TLS traffic should be allowed to pass through the firewall, but the Tunnel should also be configured to trust the firewall's certificate so that it can properly identify the Tunnel server's certificate.

Option A ("The VMware Tunnel should be re-configured to use the certificate from the firewall") is not the correct answer, as it would cause the Tunnel to use the wrong certificate and potentially compromise security.

Option B ("The VMware Tunnel SSL traffic needs to pass through the firewall unmodified") is also not the correct answer, as this would not address the issue of the Tunnel server's certificate not being properly identified.

Option D ("The VMware Tunnel Certificate should be exported from the console and uploaded to the firewall") is not necessary in this scenario, as the issue is with the Tunnel server's certificate not being properly identified, rather than a problem with the Tunnel server's certificate itself.
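The comparison the question describes can be scripted. The following is an added example, not part of the original page or of any VMware tooling: it reads saved output of the openssl s_client -showcerts command and reports whether the leaf certificate on port 8443 is the one exported from the Tunnel server. All function names, hostnames and certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def pem_fingerprints(text):
    """SHA-256 fingerprint of every PEM certificate in text, in order of appearance."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(text)]

def leaf_subject(s_client_output):
    """Subject printed for chain entry 0 (the leaf), or None if it is absent."""
    m = re.search(r"^\s*0 s:(.*)$", s_client_output, re.M)
    return m.group(1).strip() if m else None

def check_presented_cert(s_client_output, expected_pem):
    """Compare the first PEM block of the s_client output (the leaf the peer
    sent) with the certificate exported from the Tunnel server."""
    expected = pem_fingerprints(expected_pem)
    if not expected:
        raise ValueError("expected_pem contains no certificate")
    presented = pem_fingerprints(s_client_output)
    if not presented:
        return "no-certificate"  # handshake failed or output was truncated
    return "tunnel" if presented[0] == expected[0] else "intercepted"

def _pem(der):
    # Wrap arbitrary bytes as PEM; only the fingerprint matters for this check.
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")

# Constructed sample data (placeholder bytes, not real certificates).
TUNNEL_PEM = _pem(b"constructed Tunnel server certificate")
FIREWALL_PEM = _pem(b"constructed firewall certificate")
DIRECT_OUTPUT = ("CONNECTED(00000003)\n---\nCertificate chain\n"
                 " 0 s:CN = tunnel.example.test\n   i:CN = Example Issuing CA\n"
                 + TUNNEL_PEM + "---\n")
INTERCEPTED_OUTPUT = ("CONNECTED(00000003)\n---\nCertificate chain\n"
                      " 0 s:CN = fw.example.test\n   i:CN = Example Firewall CA\n"
                      + FIREWALL_PEM + "---\n")

if __name__ == "__main__":
    for name, out in (("direct", DIRECT_OUTPUT), ("via firewall", INTERCEPTED_OUTPUT)):
        print(name, leaf_subject(out), check_presented_cert(out, TUNNEL_PEM))
```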