I end up VPNing into a lot of different companies networks, and the thing that I see that always kills me is when I VPN I’m given an SSL URL to connect to in order to get connected, but before the site appears I get a security warning that the SSL certificate isn’t trusted for that URL.
The entire point of SSL VPNs is that it makes a secure trusted SSL encrypted connection between you and the company network. If the SSL certificate isn’t trusted then there’s no way to know that the certificate was actually issued to protect this network. In other words there’s no way to be sure that there’s no man in the middle attack going on where all the network traffic to the VPN is being sniffed.
So I beg, I implore you … if you are going to use being some sort of SSL VPN spend the couple hundred bucks and get a proper SSL certificate for it so that you know you can trust the connection.
Contact the Author | Contact DCAC