This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mschlumpberger
Participant
‎2020-12-14 05:12 AM

R80.40 Mobile Access / Capsule Connect with Password + Certificate

Hi everybody,

 

we want to setup MOB for Remote-Access for Capsule-Connect via Password + Certificate.

We want to use Certificates, which are already installed on the iphones via MDM. Is it possible to use this Certificates for VPN, too?

If we test it with a certificate from Checkpoint (Client Certificates) everything is working.

 

Someone succesfully test this setup earlier?

 

Best regards

Marco

0 Kudos
7 Replies
mschlumpberger
Participant
‎2020-12-14 06:06 AM

Additional Information:

 

We get on our iphones the error: malformed reply from Site

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-12-14 06:44 AM
In response to mschlumpberger

I can only find sk131772: VPN clients cannot connect or create site to the gateway

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
mschlumpberger
Participant
‎2020-12-14 07:19 AM
In response to G_W_Albrecht

Hi,

 

thank you for your feedback. I found that sk, too.

But this is not our solution and if i am using "normal" certificates from checkpoint (Client-Certificates) everything is working.

 

best regards

0 Kudos
PhoneBoy
Admin
Admin
‎2020-12-14 08:00 PM

Have you defined the CA of the MDM certificates in the configuration?
This means creating  specific type of object and configuring the gateway to trust certificates from that CA.

0 Kudos
mschlumpberger
Participant
‎2020-12-16 05:04 AM
In response to PhoneBoy

Hi,

 

thank you for your feedback. Yes I configured the CA as a Trusted-CA in SmartConsole.

In my vpn debug I can see that my certificate is trusted. I think I get a problem with my wildcard-certificate on portal.customer.de

 

Can I use a wildcard-certificate with *.customer.de for portal.customer.de without any problems?

 

best regards.

0 Kudos
PhoneBoy
Admin
Admin
‎2020-12-16 11:28 AM
In response to mschlumpberger

Should be supported to do that.
The precise debug output might be helpful.

0 Kudos
mschlumpberger
Participant
‎2020-12-17 05:10 AM

Hi,

 

i found in my vpnd log following message after checking wildcard certificate:
[vpnd 4688 4082022336]@fwnode02[17 Dec 13:38:22] fwCerts_FindIssuer: Could not find a matching issuer. Trying to match DN

 

I will import root-ca from my wildcard certificate as Trusted-CA and give an update.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events