https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/136122#M20565 <P>You may find that the solution in&nbsp;<SPAN>sk110779 will help here.</SPAN></P> Mon, 13 Dec 2021 05:24:35 GMT emmap 2021-12-13T05:24:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/135935#M20525 <P>Hi,</P><P>Using R80.20</P><P>We use Dynamic ID in Mobile Access blade to sent OTP via SMS to our users.</P><P>I got the link from our SMS provider and it's working fine when using HTTP.</P><P>But when using HTTPS it's failing. User gets error "Dynamic ID Authentication Failed".</P><P>When I try it in a browser it's working fine with HTTPS.</P><P>When I try with CURL from the GW, I get a certificate error.</P><P>I got the current site certificate from the SMS provider and imported the intermediate certificate to the "Trusted CAs" tab under HTTPS Inspection. the root certificate was already there -&nbsp; but it's still not working.</P><P>Only time I managed to get it working with CURL is when I used:</P><P>"curl_cli --cacert /opt/CPsuite-R80.20/fw1/database/ca_bundle.pem.<STRONG>tmp</STRONG>"</P><P>&nbsp;</P><P>Should I rename the file and remove the .tmp? I don't know what are the consequences are.</P><P>&nbsp;</P><P>Appreciate the help</P><P>&nbsp;</P> Sun, 12 Dec 2021 11:12:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/135935#M20525 Jonathan 2021-12-12T11:12:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/136113#M20564 <P>Recommend engaging the TAC here.</P> Sun, 12 Dec 2021 23:52:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/136113#M20564 PhoneBoy 2021-12-12T23:52:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/136122#M20565 <P>You may find that the solution in&nbsp;<SPAN>sk110779 will help here.</SPAN></P> Mon, 13 Dec 2021 05:24:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/136122#M20565 emmap 2021-12-13T05:24:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/136125#M20567 <P>Hi Jonathan, to confirm are you running...</P> <P>&nbsp;</P> <P>R80.20 JHF T183 or higher per&nbsp;<SPAN>sk167177?</SPAN></P> <P><SPAN>-or-</SPAN></P> <P><SPAN>R80.20 JHF T203 or higher per sk170303?</SPAN></P> Mon, 13 Dec 2021 23:43:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/136125#M20567 Chris_Atkinson 2021-12-13T23:43:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/136155#M20571 <P>I had a similar case earlier this year. The gateway was R80.30 take 140<SPAN class="">&nbsp;and after installing take 236 stopped DynamicID due to an OSCP. Per&nbsp;sk167177 T140 shouldn't work but 236 should work - well, in my case it was vice versa, no one could ever explain me why. After all I upgraded to R80.40 - it worked even with no hotfix installed, again no explanation. I'll advice you to run a debug and look for OCSP errors. If this is the case - plan to upgrade to a higher version, for me personally I don't find any helpful in Solution part of sk167177.</SPAN></P> Mon, 13 Dec 2021 11:15:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Dynamic-ID-with-HTTPS-not-working/m-p/136155#M20571 MartinTzvetanov 2021-12-13T11:15:24Z