Kilian_Huber
Contributor

Secure Domain Logon with certificate based authentication

Hi CheckMates,

when trying to use Secure Domain Logon with certificate based authentication (E86.26 client), the Secure Domain Logon dialogue does not offer any certificate to be chosen as shown in the screenshot below:

EPS-SDL.jpg

The user certificate store contains a certificate for the user which should be authenticated and the computer certificate store contains a machine certificate.

When skipping SDL and logging in with cached credentials, and then manually establishing a VPN connection, the user's certificate is correctly fetched via CAPI and certificate authentication is successful.

Any idea on how to troubleshoot why no certificate is available in the SDL authentication dialogue?

Thanks!

0 Kudos
G_W_Albrecht
Legend

Is this an EPS client with TP blades? sk146712

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Kilian_Huber
Contributor

It is an Endpoint Security Client, yes, but the FDE blade is not installed.

0 Kudos
G_W_Albrecht
Legend

So I would suggest TAC...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
0 Kudos
Kilian_Huber
Contributor

The machine certificate was just a test to see if I could select this certificate from the drop-down list on the SDL window, since I don't see the user certificate either. I do not actually want to use machine-based authentication; all endpoints already have a user certificate rolled out and this should be used for authentication. IMHO this should be working since the user authenticates to Windows before the SDL window appears, therefore the personal certificate store should be accessible.

0 Kudos
PhoneBoy
Admin

CAPI certificates cannot be used for SDL.
This is in the documentation: https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN... 

Kilian_Huber
Contributor

Ouch, I missed this. Thanks a lot!

0 Kudos