Juniper IC4500 lost connection to SSG520

Problem Description:

The Juniper IC4500 had lost its connection to the Juniper SSG520, and RESNET clients could not open the RESNET logon page. On the main Status page, the "dot" next to Enforcer Status SSG520 will not be green. The SSG520 had the following error:

PKI: Cannot build certificate chain for cert with subject name CN=owl.gdn.edu,OU=Terms of use at www.verisign.com/rpa (c)05,OU=Computer Services Department,O=Gordon College,L=Barnesville,ST=Ge.

Resolution:

To correct this, the following had to be done on the IC4500:

1) Open Configuration->Certificates->Device Certificates

2) Open the owl.gdn.edu certificate and remove the <Internal Port> from the Selected Virtual Ports.

3) Open the gdn11052.gdn.peachnet.edu certificate and add the <Internal Port> to the Selected Virtual Ports.

4) Check the main status page again to see whether the SSG520 is connected. If it is, reverse the <Internal Port> changes made in steps 2 and 3.

You can also SSH to the SSG520 and issue the command:

'exec infranet controller connect' (or disconnect) to make the SSG520 retry connecting to, or disconnect from, the IC4500.

Revision Date: 10/29/2012