cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Wildcard Certificate IPsec VPN repository

Jump to solution

Hi All,

 

Has anyone tried importing a wild card certificate into the IPsec VPN repository?. I am looking to change the default certificate which is shown to VPN clients, (General Properties > VPN Clients > "the gateway authenticates with this certificate".

We have a client using a wildcard cert from GoDaddy for other services. I tried following the documentation in terms of adding the cert CA and intermediate CA and creating the CSR request under the IPSec VPN repository. 

The challenge is I cannot use this enrollment request since this task is already down outside the firewall. Is there a way to import the certificate since it throws an error on Smart Console (R80.20 mgmt and gw). "the new issued certificate does not match the enrollment request" which is expected.

 

0 Kudos
1 Solution

Accepted Solutions

Re: Wildcard Certificate IPsec VPN repository

Jump to solution

Do you have the mobile access blade enabled on the gateway?

If you have you will be able to import the p.12 from the relative blade settings and then remote access client will use this certificate to authenticate from the gateway , at least this is what tac told me in one sr since I have the same request , but at the moment I don' t know if you don't have the mobile access blade enabled

View solution in original post

5 Replies

Re: Wildcard Certificate IPsec VPN repository

Jump to solution

Do you have the mobile access blade enabled on the gateway?

If you have you will be able to import the p.12 from the relative blade settings and then remote access client will use this certificate to authenticate from the gateway , at least this is what tac told me in one sr since I have the same request , but at the moment I don' t know if you don't have the mobile access blade enabled

View solution in original post

Re: Wildcard Certificate IPsec VPN repository

Jump to solution
Mobile access blade is indeed enabled and the certificate under it's portal settings is set the .p12 wild card certificate.

Is there a way to confirm that the remote access clients are now using the same certificate as one applied in the mobile access settings?
0 Kudos

Re: Wildcard Certificate IPsec VPN repository

Jump to solution

you can delete the site on one of the client using the endpoint/win10 plugin and see wich certificate is pronted

0 Kudos

Re: Wildcard Certificate IPsec VPN repository

Jump to solution
This procedure and the earlier info on Certificate referenced under Mobile access blade portal settings was right on. Thanks for your inputs, appreciate it.
Saved me a TAC case 😉
0 Kudos

Re: Wildcard Certificate IPsec VPN repository

Jump to solution

glad to help 🙂

0 Kudos