I have an end customer who wants to be able to deploy machine authentication for clients and username and password, but if they have people using their own PC, they will use the clientless portal (SNX).
Following SK121173, we obtained the hotfix "fw1_wrapper_HOTFIX_R80_20_JHF_T114_469_470_MAIN_GA_FULL" from our local SE.
If I implement the following, we are able to log in with just username and password:
ckp_regedit -a SOFTWARE/CheckPoint/VPN1 machine_cert_auth 1
But if I enforce machine certificate authentication by running ckp_regedit -a SOFTWARE/CheckPoint/VPN1 machine_cert_auth 2, it fails.
At first I was receiving an error stating the CRL could not be fetched. I disabled this by unchecking the option on the trusted CA server object as I wanted to be able to test it working first.
I now get the following error:
"Connection Failed: Machine certificate is required".
I generated a certificate and installed it on the client PC but still get the same error message.
Does the certificate have to be installed in a particular certificate store?