Skip to content
Warning: Invalid certificate for the Authentication URL or one of its sub-URLs.
Got a problem with Viscosity or need help? Ask here!
Hello, we recently switched to Okta SSO and one user also encountered the same issue. He was able to connected yesterday and wasn't able to connect this morning and viscosity prompt this message (in screenshot). He's hesitant to click continue since he's not sure if it's safe to do so.
After a couple attempts, he was able to connect successfully again without the prompt. He is on the latest version of viscosity. Here are the viscosity logs.
```
2025-01-31 10:08:24: State changed to Connecting
2025-01-31 10:08:24: Checking reachability status of connection...
2025-01-31 10:08:24: Connection is reachable. Starting connection attempt.
2025-01-31 10:08:25: OpenVPN 2.6.12 aarch64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
2025-01-31 10:08:25: library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
2025-01-31 10:08:25: Resolving address: example.example.com
2025-01-31 10:08:25: Valid endpoint found: 1.1.1.1
udp
2025-01-31 10:08:25: TCP/UDP: Preserving recently used remote address: [AF_INET]1.1.1.1:1111
2025-01-31 10:08:25: UDPv4 link local: (not bound)
2025-01-31 10:08:25: UDPv4 link remote: [AF_INET]1.1.1.1:1111
2025-01-31 10:08:25: State changed to Authenticating
2025-01-31 10:08:25: [example.example.com] Peer Connection Initiated with [AF_INET]1.1.1.1:1111
2025-01-31 10:08:25: Web Auth authentication request received from server. Attempting to load URL...
2025-01-31 10:08:33: Warning: Invalid certificate for the Authentication URL or one of its sub-URLs.
2025-01-31 10:08:34: Warning: Invalid certificate for the Authentication URL or one of its sub-URLs.
2025-01-31 10:08:35: Error: Authentication URL failed to load. Server returned HTTP code 403.
2025-01-31 10:08:35: State changed to Disconnecting (Open URL Failed)
2025-01-31 10:08:35: event_wait : Interrupted system call (fd=-1,code=4)
2025-01-31 10:08:35: SIGTERM[hard,] received, process exiting
2025-01-31 10:08:35: State changed to Disconnected (Process Terminated)
2025-01-31 10:14:30: Viscosity Mac 1.11.4 (1702)
2025-01-31 10:14:30: Viscosity OpenVPN Engine Started
2025-01-31 10:14:30: Running on macOS 15.2
```
Any help will be appreciated since it's happening sporadically and doesn't resolve on its own immediately. Thank you very much!
After a couple attempts, he was able to connect successfully again without the prompt. He is on the latest version of viscosity. Here are the viscosity logs.
```
2025-01-31 10:08:24: State changed to Connecting
2025-01-31 10:08:24: Checking reachability status of connection...
2025-01-31 10:08:24: Connection is reachable. Starting connection attempt.
2025-01-31 10:08:25: OpenVPN 2.6.12 aarch64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
2025-01-31 10:08:25: library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
2025-01-31 10:08:25: Resolving address: example.example.com
2025-01-31 10:08:25: Valid endpoint found: 1.1.1.1
2025-01-31 10:08:25: TCP/UDP: Preserving recently used remote address: [AF_INET]1.1.1.1:1111
2025-01-31 10:08:25: UDPv4 link local: (not bound)
2025-01-31 10:08:25: UDPv4 link remote: [AF_INET]1.1.1.1:1111
2025-01-31 10:08:25: State changed to Authenticating
2025-01-31 10:08:25: [example.example.com] Peer Connection Initiated with [AF_INET]1.1.1.1:1111
2025-01-31 10:08:25: Web Auth authentication request received from server. Attempting to load URL...
2025-01-31 10:08:33: Warning: Invalid certificate for the Authentication URL or one of its sub-URLs.
2025-01-31 10:08:34: Warning: Invalid certificate for the Authentication URL or one of its sub-URLs.
2025-01-31 10:08:35: Error: Authentication URL failed to load. Server returned HTTP code 403.
2025-01-31 10:08:35: State changed to Disconnecting (Open URL Failed)
2025-01-31 10:08:35: event_wait : Interrupted system call (fd=-1,code=4)
2025-01-31 10:08:35: SIGTERM[hard,] received, process exiting
2025-01-31 10:08:35: State changed to Disconnected (Process Terminated)
2025-01-31 10:14:30: Viscosity Mac 1.11.4 (1702)
2025-01-31 10:14:30: Viscosity OpenVPN Engine Started
2025-01-31 10:14:30: Running on macOS 15.2
```
Any help will be appreciated since it's happening sporadically and doesn't resolve on its own immediately. Thank you very much!
Attachments
Screenshot 2025-01-31 at 9.47.55 AM.png (98.81 KiB) Viewed 10039 times
Hi lix98755,
I've split this off from the original topic as it's a different issue. In this case it looks like the errors are valid:
There are two things going on here. Firstly, either the authentication webpage, a component of the webpage (such as a frame, and image, a Javascript file, etc.), or another page the server is redirecting too, is presenting an invalid HTTPS/SSL certificate (at least as far as macOS is concerned).
You can click the "Show Certificate" button to get more information on the certificate. If this is only happening for a single user, then it's likely something is trying to MITM the HTTPS connection (such as web filtering/security software, or a malicious actor). Make sure they try uninstalling any such software and see if the issue persists. Also make sure there is no router/firewall/UTM on the network that could be trying to MITM HTTPS connections. The certificate's information (such as issuer details) may offer some clues as to where it is coming from.
If this is happening for other users, or only sporadically, then this is likely a problem with the authentication webpage/server, and you'll need to reach out to whoever is managing it. It's possible the user is hitting a different server on the backend (for example due to a CDN) which is misconfigured. There could also be a problem with the user's DNS on their local network and the web domain is resolving to the wrong IP address. In the meantime if you're sure the connection is secure the user can click the "Continue" button.
Secondly it appears the web server is returning a HTTP 403 Forbidden error. If this is still occurring after resolving the SSL certificate warnings then I recommend getting in touch with the web server administrator to check the logs to see why this is the case.
Cheers,
James
I've split this off from the original topic as it's a different issue. In this case it looks like the errors are valid:
Code: Select all
2025-01-31 10:08:33: Warning: Invalid certificate for the Authentication URL or one of its sub-URLs.
2025-01-31 10:08:34: Warning: Invalid certificate for the Authentication URL or one of its sub-URLs.
2025-01-31 10:08:35: Error: Authentication URL failed to load. Server returned HTTP code 403.
There are two things going on here. Firstly, either the authentication webpage, a component of the webpage (such as a frame, and image, a Javascript file, etc.), or another page the server is redirecting too, is presenting an invalid HTTPS/SSL certificate (at least as far as macOS is concerned).
You can click the "Show Certificate" button to get more information on the certificate. If this is only happening for a single user, then it's likely something is trying to MITM the HTTPS connection (such as web filtering/security software, or a malicious actor). Make sure they try uninstalling any such software and see if the issue persists. Also make sure there is no router/firewall/UTM on the network that could be trying to MITM HTTPS connections. The certificate's information (such as issuer details) may offer some clues as to where it is coming from.
If this is happening for other users, or only sporadically, then this is likely a problem with the authentication webpage/server, and you'll need to reach out to whoever is managing it. It's possible the user is hitting a different server on the backend (for example due to a CDN) which is misconfigured. There could also be a problem with the user's DNS on their local network and the web domain is resolving to the wrong IP address. In the meantime if you're sure the connection is secure the user can click the "Continue" button.
Secondly it appears the web server is returning a HTTP 403 Forbidden error. If this is still occurring after resolving the SSL certificate warnings then I recommend getting in touch with the web server administrator to check the logs to see why this is the case.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com
2 posts
Page 1 of 1