Creating SSL connection failed

Oleg Fominykh olegfom at yahoo.com
Wed Mar 11 11:38:21 PDT 2015 

Hi, I am trying to connect to Juniper VPN. The authentication process is
successful all the way through including the prompt for the rsa key fob.
Openconnect logs into the VPN and I can observe another machine being
forced to log out because of that (which is a good thing). However, in
the end it throws the SSL error. Please see the log below. Is there
something that I can do to fix it?

Thanks.

Oleg.

ubuntu at ubuntu:~/Documents$ sudo openconnect -v --juniper --disable-ipv6
--cafile=ssl.crt junipervpn.company.com
WARNING: Juniper Network Connect support is experimental.
It will probably be superseded by Junos Pulse support.
GET https://junipervpn.company.com/
Attempting to connect to server 204.99.18.155:443
SSL negotiation with junipervpn.company.com
Server certificate verify failed: unable to get local issuer certificate

Certificate from VPN server "junipervpn.company.com" failed verification.
Reason: unable to get local issuer certificate
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on junipervpn.company.com
Got HTTP response: HTTP/1.1 302 Found
Location:
https://junipervpn.company.com/dana-na/auth/url_default/welcome.cgi
Content-Type: text/html; charset=utf-8
Set-Cookie: DSSIGNIN=url_default; path=/dana-na/; expires=Thu,
31-Dec-2037 00:00:00 GMT; secure
Set-Cookie: DSIVS=; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure
Set-Cookie: DSSignInURL=/; path=/; secure
Connection: close
Content-Length: 0
HTTP body length:  (0)
GET https://junipervpn.company.com/dana-na/auth/url_default/welcome.cgi
SSL negotiation with junipervpn.company.com
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on junipervpn.company.com
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Wed, 11 Mar 2015 18:20:50 GMT
x-frame-options: SAMEORIGIN
Connection: close
Pragma: no-cache
Cache-Control: no-store
Expires: -1
HTTP body http 1.0 (-1)
frmLogin
realm [Company Users|Other Users]:Company Users
frmLogin
username:myusername
password:
POST https://junipervpn.company.com/dana-na/auth/url_default/login.cgi
SSL negotiation with junipervpn.company.com
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on junipervpn.company.com
Got HTTP response: HTTP/1.1 302 Moved
location:
https://junipervpn.company.com/dana-na/auth/url_default/welcome.cgi?p=more-cred&id=state_1521c91dcc06202c333fd6fe3361253c
Content-Type: text/html; charset=utf-8
Connection: close
Pragma: no-cache
Cache-Control: no-store
Expires: -1
HTTP body http 1.0 (-1)
GET
https://junipervpn.company.com/dana-na/auth/url_default/welcome.cgi?p=more-cred&id=state_1521c91dcc06202c333fd6fe3361253c
SSL negotiation with junipervpn.company.com
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on junipervpn.company.com
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Wed, 11 Mar 2015 18:21:05 GMT
Connection: close
Pragma: no-cache
Cache-Control: no-store
Expires: -1
HTTP body http 1.0 (-1)
frmLogin
password#2:
POST https://junipervpn.company.com/dana-na/auth/url_default/login.cgi
SSL negotiation with junipervpn.company.com
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on junipervpn.company.com
Got HTTP response: HTTP/1.1 302 Moved
Set-Cookie: DSASSERTREF=x; path=/; expires=Thu, 01 Jan 1970 22:00:00
GMT; secure
Set-Cookie: DSID=18cbe9dc0a531e43669bd0945ce090a2; path=/; secure
Set-Cookie: DSFirstAccess=1426098079; path=/; secure
Date: Wed, 11 Mar 2015 18:21:19 GMT
location: https://junipervpn.company.com/dana/home/starter0.cgi?check=yes
Content-Type: text/html; charset=utf-8
Connection: close
Pragma: no-cache
Cache-Control: no-store
Expires: -1
Content-Length: 0
HTTP body length:  (0)
GET https://junipervpn.company.com/dana/home/starter0.cgi?check=yes
SSL negotiation with junipervpn.company.com
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on junipervpn.company.com
Got HTTP response: HTTP/1.1 200 OK
Content-type: text/html; charset=utf-8
Set-Cookie: DSLastAccess=1426098079; path=/; Secure
Connection: close
Pragma: no-cache
Cache-Control: no-store
Expires: -1
HTTP body http 1.0 (-1)
SSL negotiation with junipervpn.company.com
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on junipervpn.company.com
Got HTTP response: HTTP/1.1 200 OK
Content-type: application/octet-stream
Pragma: no-cache
NCP-Version: 3
Set-Cookie: DSLastAccess=1426098080; path=/; Secure
Connection: close
SSL negotiation with junipervpn.company.com
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on junipervpn.company.com
Got HTTP response: HTTP/1.1 200 OK
Content-type: application/octet-stream
Pragma: no-cache
NCP-Version: 3
Set-Cookie: DSLastAccess=1426098080; path=/; Secure
Connection: close
0000: 13 00 00 04 00 00 00 06 00 75 62 75 6e 74 75 bb
0010: 01 00 00 00 00
Server response to hostname packet is error 0x08
Creating SSL connection failed

More information about the openconnect-devel mailing list