Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mschlumpberger
Participant

R80.40 Mobile Access / Capsule Connect with Password + Certificate

Hi everybody,

 

we want to setup MOB for Remote-Access for Capsule-Connect via Password + Certificate.

We want to use Certificates, which are already installed on the iphones via MDM. Is it possible to use this Certificates for VPN, too?

If we test it with a certificate from Checkpoint (Client Certificates) everything is working.

 

Someone succesfully test this setup earlier?

 

Best regards

Marco

0 Kudos
7 Replies
mschlumpberger
Participant

Additional Information:

 

We get on our iphones the error: malformed reply from Site

0 Kudos
G_W_Albrecht
Legend
Legend

I can only find sk131772: VPN clients cannot connect or create site to the gateway

CCSE CCTE CCSM SMB Specialist
0 Kudos
mschlumpberger
Participant

Hi,

 

thank you for your feedback. I found that sk, too.

But this is not our solution and if i am using "normal" certificates from checkpoint (Client-Certificates) everything is working.

 

best regards

0 Kudos
PhoneBoy
Admin
Admin

Have you defined the CA of the MDM certificates in the configuration?
This means creating  specific type of object and configuring the gateway to trust certificates from that CA.

0 Kudos
mschlumpberger
Participant

Hi,

 

thank you for your feedback. Yes I configured the CA as a Trusted-CA in SmartConsole.

In my vpn debug I can see that my certificate is trusted. I think I get a problem with my wildcard-certificate on portal.customer.de

 

Can I use a wildcard-certificate with *.customer.de for portal.customer.de without any problems?

 

best regards.

0 Kudos
PhoneBoy
Admin
Admin

Should be supported to do that.
The precise debug output might be helpful.

0 Kudos
mschlumpberger
Participant

Hi,

 

i found in my vpnd log following message after checking wildcard certificate:
[vpnd 4688 4082022336]@fwnode02[17 Dec 13:38:22] fwCerts_FindIssuer: Could not find a matching issuer. Trying to match DN

 

I will import root-ca from my wildcard certificate as Trusted-CA and give an update.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events