topic Re: Machine Auth via Certificate Not Working in SASE and Remote Access

Machine Auth via Certificate Not Working

Rajan_Pradhan — Thu, 26 Aug 2021 14:22:59 GMT

I have client version 85.2, trying to configure machine certificate authentication. SMC and gateway is R80.40. I cannot get it to authenticate, client errors with "negotiation with site failed". Trac.log shows the telling below errors, however when I check the SMC the root CA is definitely installed there correctly. and the second log below shows the matching DN, so the client does seem to trying to macth the right cert. Ive tried different client versions, replacing client certificates, reinstalling root CA, running out of ideas. ANy help appreciated!

[ 5356 10308][26 Aug 21:55:53][RaisCertManager] RaisCertManager::CertManager::GetCertByName: Can't retrieve the Root CA for the cert.
[ 5356 10308][26 Aug 21:55:53][RaisCertManager] RaisCertManager::CertManager::GetCertByName: temp_cert is null!! => No cert was found with the given cert_name= [CN=XXX,O=XXX,L=XXX,ST=XX,C=XX;O=XXX.f97wmb]
[

Re: Machine Auth via Certificate Not Working

Chris_Atkinson — Thu, 26 Aug 2021 15:37:23 GMT

Hi,

What's in the Subject field of the machine certificate, note it cannot be empty?

Re: Machine Auth via Certificate Not Working

Rajan_Pradhan — Fri, 27 Aug 2021 03:15:24 GMT

Hi Chris! Thanks so much for your response. Yes, by default autoenrolled machine certificates have a blank subject. However I have manually created a new cert with FQDN in the subject, which made no difference to the issue. 😞

Re: Machine Auth via Certificate Not Working

Rajan_Pradhan — Mon, 20 Sep 2021 02:48:48 GMT

Problem was solved with sk175111.