This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Amber
Participant
3 weeks ago
Jump to solution

Capsule Connect VPN Issue(The site's certificate has expired)

Hi all,

I'm encountering a problem. I have a 5000 series gateway (R81.10) managed by SMS (R81.20). Last Friday, I renewed the VPN certificate for the 5000 series gateway. After renewing the certificate, both the IPsec VPN and the desktop Remote Access VPN client are working well.

However, VPN connections from mobile devices using Capsule Connect are not working. When attempting to connect via Capsule Connect, the client displays a message indicating that the site's certificate has expired.

Please suggest. Many thanks.

Labels
Preview file
32 KB
0 Kudos
1 Solution

Accepted Solutions
Amber
Participant
Thursday
Jump to solution

Many thanks to everyone for their help. I opened a technical ticket with Check Point support. They suggested using the command "#fw kill vpnd" to restart the VPN process. I tried it, and it worked. Thank you very much again.

View solution in original post

0 Kudos
9 Replies
the_rock
MVP Gold
MVP Gold
3 weeks ago
Jump to solution

Hey Amber,

Can you have them try delete/re-create the site and test? Just have one or two random users do that.

Andy

0 Kudos
Lesley
MVP Gold
MVP Gold
3 weeks ago
Jump to solution

You sure the clients trust the new certificate? 

https://support.checkpoint.com/results/sk/sk167255

Just to make sure you done policy push after cert renewal? 

-------
If you like this post please give a thumbs up(kudo)! 🙂
(1)
the_rock
MVP Gold
MVP Gold
3 weeks ago
In response to Lesley
Jump to solution

Good points @Lesley 

0 Kudos
Amber
Participant
3 weeks ago
In response to Lesley
Jump to solution

Hi Lesley,

When using Capsule Connect to establish a VPN connection, the self-signed certificate does not appear to trust. According to sk167255, the recommended solution is to add a third-party trusted certificate to the Mobile Access Blade.
May I kindly ask if it is possible to use the gateway’s self-signed certificate for Mobile Access instead?

Many thanks.

0 Kudos
Lesley
MVP Gold
MVP Gold
3 weeks ago
In response to Amber
Jump to solution

Hi

As user still is able not to trust a third party (not self-signed) certificate. If you import certificate without the Intermediate CA and only the certificate systems can complain about it: invalid certificate. Normally you import all Intermediate CA's including the certificate and not the root CA. You can also include root ca but that should not be needed as it is expected that all clients are known with the root ca. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
PhoneBoy
Admin
Admin
3 weeks ago
In response to Amber
Jump to solution

You can use the Internal CA for this, but for the error message to go away, the end user will have to manually configure the CA as trusted on their device.

0 Kudos
the_rock
MVP Gold
MVP Gold
3 weeks ago
In response to PhoneBoy
Jump to solution

I guess similar to ssl inspection...maybe not best comparison though.

0 Kudos
Amber
Participant
Thursday
Jump to solution

Many thanks to everyone for their help. I opened a technical ticket with Check Point support. They suggested using the command "#fw kill vpnd" to restart the VPN process. I tried it, and it worked. Thank you very much again.

0 Kudos
the_rock
MVP Gold
MVP Gold
Thursday
In response to Amber
Jump to solution

Great! Thanks for letting us know, appreciated.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events