This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Prasaddere
Explorer
Monday

How to prevent Untrusted Certificate warning message in checkpoint capsule connect

Hello,

We have deployed new remote access VPN. Where we implemented vpn Client on Mobiles (Checkpoint Capsule connect) but we are getting certificate warning to Trust and Continue. So How to prevent Untrusted Certificate warning message on mobile Phone (checkpoint capsule connect)

0 Kudos
6 Replies
AkosBakos
Leader Leader
Leader
Monday

Hi @Prasaddere 

Can you share a screenshot of the message?

My first 2 idea for solution.

1:

Use 3rd party certificate. Choose one that its root is installed in the Trusted Root Certificate store on the device.
(eg.:DigiCert)

2:

Install the Check Point's root and issuer certificate onto the devices. 

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
Legend
Legend
Monday

I see what Akos is saying. But, first, screenshot would certainly help. Just blur out any sensitive data, please.

Andy

0 Kudos
Prasaddere
Explorer
Tuesday
In response to the_rock

Attached screenshot. we have already deployed certificate from internal CA for Mobile blade portal and different certificate for IPSec Client including all root and subordinate CA. Still getting the attached message for certificate trust first time which we need to avoid. 

Same we had issue on Windows laptop but we solution to add fingerprint in Windows registry. which we have added. Issue is only with now on Mobile phone.

Preview file
89 KB
0 Kudos
PhoneBoy
Admin
Admin
Monday

Pretty sure you need to deploy the ICA CA certificate to the mobile device as "trusted."
This either has to be done via MDM or manually.

0 Kudos
Prasaddere
Explorer
Tuesday
In response to PhoneBoy

Certificate from internal CA already added in root CA as well issuing CA. Also server certificate attahed on IPsec client. as seperate CSR generated for mobile against which we got another certificate P12 which we import on mobile portal.

0 Kudos
AkosBakos
Leader Leader
Leader
Tuesday
In response to Prasaddere

Hi,

To be sure, when you accepted the cert and check the certificate chain, everything looks normal?

If you use MDM only one certificate store exists on the device?

Akos

----------------
\m/_(>_<)_\m/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events