This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
efchaves
Explorer
‎2022-06-27 04:26 PM
Jump to solution

Import the root CA and intermediate CAs for authentication with digital certificate to work

Hello everybody,

We are trying to enable MFA on the remote VPN. Authentication is currently done through LDAP and works perfectly. We want to enable authentication with digital certificate from an external CA and LDAP username and password. We made the necessary settings informing the LDAP field used to compare with the digital certificate field. We verified in the logs that the field (Subject DN.CN) is correctly extracted from the certificate. However, during client authentication, the following error message is displayed:
"cannot complete certificate chain CN=Brazilian Root Certification Authority v5,OU=National Institute of Information Technology - ITI,O=ICP-Brasil,C=BR"

I would like to know where and how to import the root CA and intermediate CAs.

Preview file
463 KB
Preview file
398 KB
Preview file
30 KB
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-06-28 10:49 AM
Jump to solution

You need to create a Certificate Authority object if you haven't already.
In the file you import, you will need to include the entire certificate chain (root plus intermediate ones).

If you've done that already, it's possible you will need to import the root and intermediate certs to the clients themselves.

View solution in original post

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2022-06-28 10:49 AM
Jump to solution

You need to create a Certificate Authority object if you haven't already.
In the file you import, you will need to include the entire certificate chain (root plus intermediate ones).

If you've done that already, it's possible you will need to import the root and intermediate certs to the clients themselves.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events