MasterSomy
Explorer

Choose the Machine Authentication Certificate

Hi,

We wanted to test the new Machine Authentication Feature of the Windows VPN Clients.
We are currently facing the problem that we get one certificate enrolled by default by our AD, and we have the certificate to authenticate our client. The problem is that the VPN client tries to use the auto-enrolled one, but it doesn't work. If we delete it, it is functioning.

Is there a method to choose which one will be used?

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
I checked with the relevant R&D owners.
The certificate that is used is the one that has the latest "Not After (Date)."
There isn't a way to choose it otherwise.
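An added example (not from the thread and not Check Point's code) that shows, on a Windows machine, which certificate the "latest Not After wins" rule above would pick, and warns when that is not the certificate from the expected CA. It assumes the client reads the local machine personal store (Cert:\LocalMachine\My) and only considers certificates with a private key; $ExpectedIssuer is a placeholder for your VPN CA's name.

```powershell
# Added example: list machine certificates with a private key, sorted so that
# the one with the latest "Not After" date (the rule from the accepted answer)
# comes first, then flag the case from the original post where an auto-enrolled
# certificate outlives the intended VPN certificate and therefore gets used.
# Assumptions (not stated in the thread): store is Cert:\LocalMachine\My and
# only certificates with a private key are candidates.
param(
    [string]$ExpectedIssuer = 'CN=VPN-CA'   # placeholder, replace with your VPN CA's DN
)

$certs = @(Get-ChildItem -Path 'Cert:\LocalMachine\My' |
    Where-Object { $_.HasPrivateKey } |
    Sort-Object -Property NotAfter -Descending)

if ($certs.Count -eq 0) {
    Write-Warning 'No machine certificates with a private key found.'
    return
}

# First entry is the certificate the "latest Not After" rule selects.
$selected = $certs[0]

$certs | ForEach-Object {
    [pscustomobject]@{
        Selected   = ($_.Thumbprint -eq $selected.Thumbprint)
        Subject    = $_.Subject
        Issuer     = $_.Issuer
        NotAfter   = $_.NotAfter
        Thumbprint = $_.Thumbprint
    }
} | Format-Table -AutoSize

# The situation from the original post: another certificate expires later than
# the VPN certificate, so the VPN certificate is never chosen.
if ($selected.Issuer -notlike "*$ExpectedIssuer*") {
    Write-Warning "Selected certificate is issued by '$($selected.Issuer)', not by '$ExpectedIssuer'. The VPN certificate is only chosen if its Not After date is the latest in the store."
}
```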


6 Replies
MasterSomy
Explorer
Thank you.
That is unfortunate. It would be great if we had the option to do that, or at least to choose from which CA it will be used, so we could guarantee that it would use the right one.
Milan_Jovanovic
Contributor

Hi PhoneBoy,

Regarding the solution you described for Machine Cert, I have a few questions:

When we implement Machine Cert, is it possible at the same time for some LDAP AD users, for example in a specific group or OU, to use just AD user/password authentication without Machine Cert?

When we implement Machine Cert, are we able to authenticate with a mobile device (Android, iOS, etc.) with the endpoint client using the same AD user for which the machine cert is mandatory?

When we use AD + machine cert auth, is it possible at the same time for some users to use locally defined (in SMS) user+cert+pass endpoint authentication?

If the answers to these questions are yes, can all of this function at the same time?

AndreiR
Employee
Employee

Hi @Milan_Jovanovic ,

It is not possible to exclude usage of machine certificate for some group of users.

Two more of your questions require clarification. Please describe what you would like to use in both cases.

Milan_Jovanovic
Contributor

Thank you AndreiR.

The second question is about how machine certificates work with mobile devices (Android, iOS) which are not domain computers. Can we authenticate on those devices with an AD user?

Third question: when we set up and use machine authentication for our LDAP users, can we, for external people who don't have an AD account, create local users on the SMS with password and cert and use them for authentication for endpoint VPN access?

TheRealDiZ
Collaborator

Hey Guys,

If the AD is actually the CA for the machine, in which way do you have to set authentication on the Check Point VPN Client?

If you choose "certificate" as method when you create the site, the client will ask you to import a certificate.

Is there anyway to configure it smoothly without importing the certificate?

The certificate (since the machine is part of the domain) should be already on the machine that is trying to connect in VPN right?

Thanks in advance for your reply! 🙂
