Igor_Narkevich
Explorer

Check Point gateway sends an expired (and deleted) certificate to Android.

Hi everyone.

R81.20 take 65 with standalone Management server.

Endpoint Security VPN (desktops/laptops, Windows & MacOS)
Capsule VPN (phones/tabs, Android)

Everything worked until I renewed the IPsec VPN certificate.
Desktops continued working with the new certificate (this can be seen in the log),
but there is a problem with Android.
Check Point gateway sends an expired certificate to Android (visible by fingerprint).

The expired certificate has been deleted on the Management server.

Where does it get it?
And how can I fix this?

0 Kudos
5 Replies
_Val_
Admin

I assume your phones are using Capsule.

First, double-check that you updated the Mobile Access certificate, not just the VPN certificate on the affected GW. Afterwards, reinstall policy.

If the issue still remains, open a TAC ticket. 

0 Kudos
Igor_Narkevich
Explorer

> double-check that you updated the Mobile Access certificate

I do not know how to do that 😞

Only here

vpn01.PNG

0 Kudos
CheckMatesAI

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

To update the Mobile Access certificate on your Check Point gateway, follow these steps:

  1. Log in to SmartConsole:
    • Open the SmartConsole application.
  2. Access Gateways & Servers:
    • From the left Navigation Toolbar, click on "Gateways & Servers".
  3. Open Security Gateway Properties:
    • Select the relevant Security Gateway object.
    • Navigate to the "Mobile Access" section.
  4. Portal Settings:
    • Go to "Portal Settings" under the Mobile Access section.
  5. Import or Replace Certificate:
    • In the Certificate section, click on "Import" or "Replace".
    • Choose the new certificate file you wish to use.
  6. Install Access Control Policy:
    • After importing the certificate, install the Access Control Policy on the Security Gateway to apply the changes.

For more detailed guidance, you can refer to the Mobile Access R82 Administration Guide.

If you encounter any issues or need further assistance, feel free to ask!

0 Kudos
Igor_Narkevich
Explorer

This portal uses an auto-generated certificate.
I renewed the auto-generated certificate.
But GW continues to give out the old (expired and deleted) certificate
and only for mobile devices.

ICA03.PNG

ICA04.PNG

0 Kudos
PhoneBoy
Admin

I assume you've installed policy since making these changes?
It might also be worth doing a cprestart on the gateway (requires downtime) to see if that resolves the issue.
Otherwise, I suggest involving TAC.

0 Kudos
