Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
irine
Explorer

Enrolment failed Check Point Mobile mac m1 pro E86.20 Build 986200408

Hello. I can't issue authenticate certificate in Check Point Mobile mac client.

I use "Personal Certificate" login option and "Certificate - Keychain" method with Registration Key which proved to work on the Check Point Mobile client under windows 10 on VMWare virtual machine on intel mac. 

Check Point Mobile mac client version E86.20 Build 986200408

Apple Silicone MacBook Chip M1 Pro 32 GB RAM runs Monterey 12.1 (21C52)

 

When i process to the final enrollment step i see "Enrollling Certificate (this may take a while)".

Then, after 10-20 seconds "Enrolment failed" without any additional info.

Private key is stored in the Keychain, but modified and expires dates are missing. 

private_key.png

 

Each attempt to enroll will create new identical record in the Keychain.

After that client will constantly try to connect and enter into infinite "connecting" state. 

connecting.png

 

As i already said, i am sure the settings are valid, since the same site address and registration key are used to connect on check point client for windows. 

- I also tried to issue p12 certificate method instead of Keychain. Same message "Enrolment failed" was raised. 

- In case of server may block multiple authentications for a single key, i tried to disconnect windows check point client during new authentication. This had no effect. 

 

The questions are:

- is it required to add specific setting on the server side to allow mac clients to connect?

- is there are a way to export p12 from my windows client, transfer it to the mac and connect without enrolling new cert?

0 Kudos
2 Replies
_Val_
Admin
Admin

It seems like a connectivity issue, that prevents enrolment to be complete. I would suggest looking which traffic is actually reaching the VPN GW from your client during the enrolment process. 
Also, look into sk109993.

If you cannot figure out the issue, I would advise opening a TAC case.


G_W_Albrecht
Legend Legend
Legend

I have the same Mac OS X client - i use the password protected .p12 without keychain and never had any issue. Ask your admin for the cert file...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events