This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ilmo_Anttonen
Collaborator
‎2019-05-16 06:24 AM

Certificate warning when enabling SSL cert for Mobile Access VPN

Yesterday I added a SSL certificate to the MAB so that my customers users can log on to the vpn using an URL instead of IP-adress in the connection profile. I was planning to create a new .msi package with the client and new URL and distribute it via GP or put it on the portal site if I managed to put it there.

Now it seems the users are getting a security warning that the fingerprint and the VPN site has changed. Did this happen automatically or is it because somebody told the users there is a new URL? I don't know which yet but was hoping you guys could tell me how it works.

Also, in the future, if this happens automatically. What is the best way to deploy a MAB certificate without the users getting certificate warnings?

 

Capture.PNG

 

Thanks!

 

/ Ilmo

0 Kudos
2 Replies
Jerry
Mentor
Mentor
‎2019-05-16 07:01 AM

users will always have cert. warning tho, it is expected as it prompts for not-fully-pki CAPI certs I guess if I'm understanding you correctly?

did you gave users user-based certs or p12 one?

Jerry
0 Kudos
Ilmo_Anttonen
Collaborator
‎2019-05-16 11:00 PM
In response to Jerry

I don't have any previous experience working with certificates but I followed the SK on how to create CSR and install certificate for MAB. So I guess the .crt I installed on the GW and assigned to MAB is a .p12. I have not issued certificates to the user PCs.

Should I do that? I tried installing the VPN client on a new PC and then there was no cert warning. So I guess it was only for those who already had a relation with that GW. Since it was the GWs self-signed cert before and now it changed, hence the warning. Is that right?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events