Hi,
Endpoint VPN with username/password is working well,
but with a certificate from an external CA it isn't working.
The CA and SUBCA are set up as objects. The LDAP account unit is also set up.
I got the following error:
Time: 2019-06-28T12:52:51Z
Id: d977d512-0972-0000-5d16-0da300000000
Sequencenum: 2147483647
Category: Session
Event Type: Login
Name: Endpoint Security
Version: E81.00
Build Number: 986100516
User: yyy
Authentication Method: Certificate
User DN: CN=xxx,OU=Mitarbeiter,OU=Benutzer,OU=xxx,DC=intern,DC=xxx,DC=de
Certificate Fingerprint: 2f:79:67:2e:99:5b:95:68:83:8d:9c:c6:e3:ea:79:aa:8a:8d:30:69
Certificate Serial Number:74000004294ef08ececf626662000000000429
User Groups: ad_branch_Benutzer
Model: PC
OS Name: Windows
OS Version: 7
OS Edition: Professional
OS Service Pack: Service Pack 1
OS Build: 7601
OS Bits: 64bit
ID: C3DCD549-1354-4D35-A163-81495FDFDDF9
Re-authentication every:
Login Timestamp: 2019-06-28T12:52:51Z
Source Country: Germany
Source: ip
IP: ip
IP Protocol: 6
Destination Port: 443
Data Protocol: IPSec
Status: Failure
Reason: cannot complete certificate chain CN=yyy,OU=Mitarbeiter,OU=Benutzer,OU=xxx,DC=intern,DC=xxx,DC=de
Suppressed Logs: 0
Action: Failed Log In
Type: Log
Blade: Mobile Access
Origin: fw01
Service: TCP/443
Product Family: Access
Marker: @A@@B@1561712292@C@6990655
Index Time: 2019-06-28T12:52:51Z
Lastupdatetime: 1561726371000
Lastupdateseqnum: 2147483647
MAC Address: a0:b3:cc:c2:6e:bc
Stored: true
Name: hostname
Source Machine Name: ag-401-1324
Data Encryption: AES-256 + SHA1 + Group 2
Severity: Informational
Rounded Sent Bytes: 0
Confidence Level: N/A
Rounded Bytes: 0
Rounded Received Bytes: 0
OS: Windows 7 Professional Service Pack 1 64bit (build 7601)
Login Option Factors: Certificate
I think the gateway needs a certificate from the external CA, but I can't import a certificate. Creating a CSR works, but I got an error from the CA.
Can anyone help with how to create a cert for the gateway? Or is it another problem?
Thanks
daniel