Hosted Websites SSL Warning - Mobile Devices

Hosted websites protected by SonicWall Cloud Secure Edge (CSE) show ‘This Connection Is Not Private’ warning when using the mobile app.

This behavior is because CSE uses privately signed certificates for your services (CSE Cluster and Private PKI). Since the mobile devices do not have the Root CA deployed onto them, they are unable to trust the certificate used for SSL. Therefore, we need to use a publicly trusted certificate on the Hosted Website (Let's Encrypt Certificates).

1.- Add Registered Domain

Settings > Certificates > Add Registered Domain

Registered Domains in CSE are public DNS records that are used to publish services for your workforce. When you register a domain and publish a service with that domain, public DNS will resolve the service domain name to an Access Tier in the Banyan Edge (Global Edge or Self-hosted Private Edge) for your org.

2.- Validate your Registered Domain

3.- Configure your Hosted Website to obtain a Let’s Encrypt Certificate

Private Access > Hosted Websites > Click the name of the Hosted Website > Edit > Uncheck ‘Use Unregistered Domain’ > Use ‘Let's Encrypt’ instead of ‘Banyan PKI’ and select your Registered Domain.

Users will now be able to access Hosted Websites on mobile devices without receiving the ‘This Connection Is Not Private’ warning.

Further Reading

Accessing Services and Networks via the Mobile App: https://docs.banyansecurity.io/docs/banyan-components/mobile-app/accessing-services-and-networks/ 

Use Let's Encrypt Certificates: https://docs.banyansecurity.io/docs/securing-private-resources/hosted-websites/lets-encrypt/

Cloud Secure Edge (CSE) Cluster and Private PKI: https://docs.banyansecurity.io/docs/banyan-components/command-center/cluster/