https://community.checkpoint.com/t5/Endpoint/explanation-needed-for-CRL-check-for-external-CAs/m-p/102180#M2768 <P>You GW must be able to resolve the crl.name.net somehow... This is the topic of sk105246 Users are not able to connect to Mobile Access Portal with certificate issued by a third party CA.&nbsp;</P> Mon, 16 Nov 2020 15:34:04 GMT G_W_Albrecht 2020-11-16T15:34:04Z https://community.checkpoint.com/t5/Endpoint/explanation-needed-for-CRL-check-for-external-CAs/m-p/102147#M2767 <P>Hi,</P><P>I'm looking for an explanation about the CRL machanism for external CA (R80.20)</P><P>Here's our scenario -&nbsp;</P><P>Users use Checkpoint Mobile VPN client to connect to the Checkpoint gateway. Authentication is performed using a client certificate that we create for each user on our internal CA, and the users install on their PC.</P><P>I am trying to figure out who, when and how exactly is the CRL of the client certificate is being checked?</P><P>All articles I found online only regard Checkpoint Internal CA.</P><P>Any help would be much appreciated.</P><P>Thank you</P> Mon, 16 Nov 2020 11:26:59 GMT https://community.checkpoint.com/t5/Endpoint/explanation-needed-for-CRL-check-for-external-CAs/m-p/102147#M2767 Jonathan 2020-11-16T11:26:59Z https://community.checkpoint.com/t5/Endpoint/explanation-needed-for-CRL-check-for-external-CAs/m-p/102180#M2768 <P>You GW must be able to resolve the crl.name.net somehow... This is the topic of sk105246 Users are not able to connect to Mobile Access Portal with certificate issued by a third party CA.&nbsp;</P> Mon, 16 Nov 2020 15:34:04 GMT https://community.checkpoint.com/t5/Endpoint/explanation-needed-for-CRL-check-for-external-CAs/m-p/102180#M2768 G_W_Albrecht 2020-11-16T15:34:04Z