This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RickyDan
Contributor
‎2022-07-17 12:25 PM

Wildcard certificate not trusted

I uploaded a DigiCert wildcard certificate for *.domain.com via Gateway Properties > Mobile Access > Portal Settings. I configured a VPN site using vpn.domain.com as the server name but I still get a certificate not trusted error while creating the site. The details window said that the certificate is for *.domain.com while the site is for vpn.domain.com. 

Are wildcard certs supported for remote access VPN? What do I need to do?

Labels
0 Kudos
10 Replies
the_rock
MVP Diamond
MVP Diamond
‎2022-07-17 02:48 PM

Im pretty positive that wildcard certs are indeed supported. I think one of my customers had this exact issue before, so will try comb through my notes tomorrow and see how we fixed it.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
RickyDan
Contributor
‎2022-07-18 05:15 AM
In response to the_rock

Ok thanks. Awaiting your update.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-07-18 05:37 AM
In response to RickyDan

Would you mind send a screenshot? I just want to confirm it was exact same issue I had as well.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
RickyDan
Contributor
‎2022-07-18 05:43 AM
In response to the_rock

cp-wildcard-error.PNG

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-07-18 05:46 AM
In response to RickyDan

Definitely not the same issue, their problem was that something was wrong with the cert, once they got the right one, all worked fine. Anyway, here is what I find a bit odd...why does it show connecting to *.abc.com, rather than say vpn.abc.com? That makes no sense...what are people entering when creating a site?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
RickyDan
Contributor
‎2022-07-18 05:51 AM
In response to the_rock

I created the VPN site with vpn.domain.com and the wildcard cert is uploaded in the Mobile Access portal settings.

0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
‎2022-07-18 06:00 AM

Yes this is a known issue - wildcards are supported but you will get this warning on the 1st connection.  I recall previous discussions on CheckMates where this was also highlighted.  In my opinion the warning should not be thrown.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-07-18 06:07 AM
In response to Ruan_Kotze

Thats good to know, because I dont recall seeing that before on first connection. I know thats been like forever for regular RA vpn, but dont remember seeing it when using wildcard cert for mobile access. Maybe its just me getting old-ER : - )

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
RickyDan
Contributor
‎2022-07-18 06:12 AM
In response to Ruan_Kotze

Hey, thanks. This means it makes no difference leaving it as the self-signed certificate since the warning still shows when creating the site.

JanVC
Collaborator
‎2022-07-18 06:49 AM
In response to RickyDan

see sk118454

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events