Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Greifenstein
Participant

Fingerprint different on macos and Windows

Hi

I just recognized after a certificate change, that the fingerprint shown at first connect is different between macos and Windows.

Windows correspondends with the fingerprint shown in the "VPN Clients -> SAML Portal Settings" and "Mobile Access -> Portal Settings" on the gateway in SmartConsole, but not the fingerprint shown when first connecting with macos.

Customer told, that after changing the certificate, macos clients show a different fingerprint than Windows.

Just checked it with a new connection with my Mac: same issue. Fingerprint on macos is different to Windows/SmartConsole.

  1. why?
  2. this is an issue, when trying to avoid the popup, when changing the certificate and therefore the fingerprint. See https://support.checkpoint.com/results/sk/sk66263

Just checked the situation with another customer:

  • Fingerprint stored in the Windows Registry is the same as in Portal Settings
  • Fingerpring stored in file "/Library/Application Support/Checkpoint/Endpoint Connect/registry/HKLM_registry.data" on macos is different than in Portal Settings

Regards
Christian

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

This is probably going to require the TAC to investigate: https://help.checkpoint.com 

0 Kudos
Greifenstein
Participant

The reason is written in sk662263 itself, which I read over:

Note: There is limitation for macOS Remote Access clients when using 3rd party CA with more than two certificates in a chain. On initial connect, they show only the Fingerprint of the certificate next to the Peer certificate in a chain. For example, in case of 3 certificates in a chain: CA , SubCA and Peer, the SubCA's fingerprint will be shown.

Christian

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events