CL VPN certificate replacement

The SSL certificate used to authenticate the CL-specific instance of the UIS VPN service at vpn.cl.cam.ac.uk is scheduled for routine replacement on Tuesday 13th February at about 08:00. The purpose of this certificate is to give the VPN client the assurance that it is communicating securely with the correct service.

The change ought to be entirely transparent, but on this occasion there is a known issue which may affect Windows users. The replacement certificate is signed by a different certificate authority from the previous one. Owing to the way that Microsoft manage certificate trust, a VPN connection may fail if the machine has not previously connected to a web site which uses the same CA.

If you encounter this problem, or wish to pre-empt it, the simplest workaround is to visit https://talks.cam.ac.uk/ using Internet Explorer, Microsoft Edge, or Google Chrome. (Firefox will not work for this). Simply visiting the site will have the side effect of updating the trusted root store which will allow the VPN connection to work.

 

This entry was posted in Local IT systems. Bookmark the permalink.