https://community.checkpoint.com/t5/Endpoint/EndPoint-Security-VPN-85-30-amp-SmartCard-certificate-MacOS/m-p/136247#M4927 <P>I'm running into a client side certificate chain issue with a private PKI card. The keychain contains all root and intermediate CA's and it looks like the E85.30 client is not able to utilize it for smartcard validation. Did anybody run into this and how did you solve it? The client does work fine with other methods of authentication (radius/local accounts etc).</P><P>Debug logs don't show anything more than the displayed certificate chain message.</P><P>MacOS Versions tested:&nbsp;</P><P>- Catalina<BR />- Big Sur<BR />- Monterery</P><P>The smart card is exposed to MacOS using Gemalto SafeNet authentication clients and works fine in other applications.&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="EndPoint Security VPN 85.30 MacOS Monterery.png" style="width: 649px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14543iAA275C2C917B0A94/image-size/large?v=v2&amp;px=999" role="button" title="EndPoint Security VPN 85.30 MacOS Monterery.png" alt="EndPoint Security VPN 85.30 MacOS Monterery.png" /></span></P> Tue, 14 Dec 2021 08:54:55 GMT rliessum 2021-12-14T08:54:55Z https://community.checkpoint.com/t5/Endpoint/EndPoint-Security-VPN-85-30-amp-SmartCard-certificate-MacOS/m-p/136247#M4927 <P>I'm running into a client side certificate chain issue with a private PKI card. The keychain contains all root and intermediate CA's and it looks like the E85.30 client is not able to utilize it for smartcard validation. Did anybody run into this and how did you solve it? The client does work fine with other methods of authentication (radius/local accounts etc).</P><P>Debug logs don't show anything more than the displayed certificate chain message.</P><P>MacOS Versions tested:&nbsp;</P><P>- Catalina<BR />- Big Sur<BR />- Monterery</P><P>The smart card is exposed to MacOS using Gemalto SafeNet authentication clients and works fine in other applications.&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="EndPoint Security VPN 85.30 MacOS Monterery.png" style="width: 649px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/14543iAA275C2C917B0A94/image-size/large?v=v2&amp;px=999" role="button" title="EndPoint Security VPN 85.30 MacOS Monterery.png" alt="EndPoint Security VPN 85.30 MacOS Monterery.png" /></span></P> Tue, 14 Dec 2021 08:54:55 GMT https://community.checkpoint.com/t5/Endpoint/EndPoint-Security-VPN-85-30-amp-SmartCard-certificate-MacOS/m-p/136247#M4927 rliessum 2021-12-14T08:54:55Z https://community.checkpoint.com/t5/Endpoint/EndPoint-Security-VPN-85-30-amp-SmartCard-certificate-MacOS/m-p/136679#M4933 <P>Unless&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/5692">@AndreiR</a>&nbsp;has a suggestion, recommend a TAC case.</P> Fri, 17 Dec 2021 19:43:39 GMT https://community.checkpoint.com/t5/Endpoint/EndPoint-Security-VPN-85-30-amp-SmartCard-certificate-MacOS/m-p/136679#M4933 PhoneBoy 2021-12-17T19:43:39Z https://community.checkpoint.com/t5/Endpoint/EndPoint-Security-VPN-85-30-amp-SmartCard-certificate-MacOS/m-p/136980#M4939 <P>I can follow the TAC route. Was hoping somebody else had run into this and was active here as well.</P> Wed, 22 Dec 2021 12:48:00 GMT https://community.checkpoint.com/t5/Endpoint/EndPoint-Security-VPN-85-30-amp-SmartCard-certificate-MacOS/m-p/136980#M4939 rliessum 2021-12-22T12:48:00Z