Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rajan_Pradhan
Participant

Machine Auth via Certificate Not Working

Jump to solution

Hi

I have client version 85.2, trying to configure machine certificate authentication. SMC and gateway is R80.40. I cannot get it to authenticate, client errors with "negotiation with site failed". Trac.log shows the telling below errors, however when I check the SMC the root CA is definitely installed there correctly. and the second log below shows the matching DN, so the client does seem to trying to macth the right cert. Ive tried different client versions, replacing client certificates, reinstalling root CA, running out of ideas. ANy help appreciated!

 

[ 5356 10308][26 Aug 21:55:53][RaisCertManager] RaisCertManager::CertManager::GetCertByName: Can't retrieve the Root CA for the cert.
[ 5356 10308][26 Aug 21:55:53][RaisCertManager] RaisCertManager::CertManager::GetCertByName: temp_cert is null!! => No cert was found with the given cert_name= [CN=XXX,O=XXX,L=XXX,ST=XX,C=XX;O=XXX.f97wmb]
[

0 Kudos
1 Solution

Accepted Solutions
Rajan_Pradhan
Participant

Problem was solved with sk175111. 

View solution in original post

3 Replies
Chris_Atkinson
Employee
Employee

Hi,

What's in the Subject field of the machine certificate, note it cannot be empty?

0 Kudos
Rajan_Pradhan
Participant

Hi Chris! Thanks so much for your response. Yes, by default autoenrolled machine certificates have a blank subject. However I have manually created a new cert with FQDN in the subject, which made no difference to the issue. 😞 

0 Kudos
Rajan_Pradhan
Participant

Problem was solved with sk175111. 

View solution in original post