This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Greifenstein
Participant
‎2023-12-22 01:08 AM

Fingerprint different on macos and Windows

Hi

I just recognized after a certificate change, that the fingerprint shown at first connect is different between macos and Windows.

Windows correspondends with the fingerprint shown in the "VPN Clients -> SAML Portal Settings" and "Mobile Access -> Portal Settings" on the gateway in SmartConsole, but not the fingerprint shown when first connecting with macos.

Customer told, that after changing the certificate, macos clients show a different fingerprint than Windows.

Just checked it with a new connection with my Mac: same issue. Fingerprint on macos is different to Windows/SmartConsole.

  1. why?
  2. this is an issue, when trying to avoid the popup, when changing the certificate and therefore the fingerprint. See https://support.checkpoint.com/results/sk/sk66263

Just checked the situation with another customer:

  • Fingerprint stored in the Windows Registry is the same as in Portal Settings
  • Fingerpring stored in file "/Library/Application Support/Checkpoint/Endpoint Connect/registry/HKLM_registry.data" on macos is different than in Portal Settings

Regards
Christian

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2023-12-22 03:48 PM

This is probably going to require the TAC to investigate: https://help.checkpoint.com 

0 Kudos
Greifenstein
Participant
‎2024-02-28 12:55 PM

The reason is written in sk662263 itself, which I read over:

Note: There is limitation for macOS Remote Access clients when using 3rd party CA with more than two certificates in a chain. On initial connect, they show only the Fingerprint of the certificate next to the Peer certificate in a chain. For example, in case of 3 certificates in a chain: CA , SubCA and Peer, the SubCA's fingerprint will be shown.

Christian

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top