https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153167#M6446 <P>Im pretty positive that wildcard certs are indeed supported. I think one of my customers had this exact issue before, so will try comb through my notes tomorrow and see how we fixed it.</P> Sun, 17 Jul 2022 21:48:49 GMT the_rock 2022-07-17T21:48:49Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153165#M6445 <P>I uploaded a DigiCert wildcard certificate for *.domain.com via Gateway Properties &gt; Mobile Access &gt; Portal Settings. I configured a VPN site using vpn.domain.com as the server name but I still get a certificate not trusted error while creating the site. The details window said that the certificate is for *.domain.com while the site is for vpn.domain.com.&nbsp;</P><P>Are wildcard certs supported for remote access VPN? What do I need to do?</P> Sun, 17 Jul 2022 19:25:56 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153165#M6445 RickyDan 2022-07-17T19:25:56Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153167#M6446 <P>Im pretty positive that wildcard certs are indeed supported. I think one of my customers had this exact issue before, so will try comb through my notes tomorrow and see how we fixed it.</P> Sun, 17 Jul 2022 21:48:49 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153167#M6446 the_rock 2022-07-17T21:48:49Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153230#M6447 <P>Ok thanks. Awaiting your update.</P> Mon, 18 Jul 2022 12:15:17 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153230#M6447 RickyDan 2022-07-18T12:15:17Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153233#M6448 <P>Would you mind send a screenshot? I just want to confirm it was exact same issue I had as well.</P> Mon, 18 Jul 2022 12:37:13 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153233#M6448 the_rock 2022-07-18T12:37:13Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153235#M6449 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp-wildcard-error.PNG" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/17218iE9EDFE19F1347F0C/image-size/medium?v=v2&amp;px=400" role="button" title="cp-wildcard-error.PNG" alt="cp-wildcard-error.PNG" /></span></P> Mon, 18 Jul 2022 12:43:19 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153235#M6449 RickyDan 2022-07-18T12:43:19Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153236#M6450 <P>Definitely not the same issue, their problem was that something was wrong with the cert, once they got the right one, all worked fine. Anyway, here is what I find a bit odd...why does it show connecting to *.abc.com, rather than say vpn.abc.com? That makes no sense...what are people entering when creating a site?</P> Mon, 18 Jul 2022 12:46:16 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153236#M6450 the_rock 2022-07-18T12:46:16Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153240#M6451 <P>I created the VPN site with vpn.domain.com and the wildcard cert is uploaded in the Mobile Access portal settings.</P> Mon, 18 Jul 2022 12:51:52 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153240#M6451 RickyDan 2022-07-18T12:51:52Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153244#M6452 <P>Yes this is a known issue - wildcards are supported but you will get this warning on the 1st connection.&nbsp; I recall previous discussions on CheckMates where this was also highlighted.&nbsp; In my opinion the warning should not be thrown.</P> Mon, 18 Jul 2022 13:01:40 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153244#M6452 Ruan_Kotze 2022-07-18T13:01:40Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153245#M6453 <P>Thats good to know, because I dont recall seeing that before on first connection. I know thats been like forever for regular RA vpn, but dont remember seeing it when using wildcard cert for mobile access. Maybe its just me getting old-ER : - )</P> Mon, 18 Jul 2022 13:07:42 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153245#M6453 the_rock 2022-07-18T13:07:42Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153246#M6454 <P>Hey, thanks. This means it makes no difference leaving it as the self-signed certificate since the warning still shows when creating the site.</P> Mon, 18 Jul 2022 13:12:41 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153246#M6454 RickyDan 2022-07-18T13:12:41Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153251#M6455 <P>see&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk118454&amp;partition=Advanced&amp;product=Endpoint" target="_self"><SPAN>sk118454</SPAN></A></P> Mon, 18 Jul 2022 13:49:55 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Wildcard-certificate-not-trusted/m-p/153251#M6455 JanVC 2022-07-18T13:49:55Z