This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Amber
Participant
‎2025-09-10 05:58 AM
Jump to solution

Capsule Connect VPN Issue(The site's certificate has expired)

Hi all,

I'm encountering a problem. I have a 5000 series gateway (R81.10) managed by SMS (R81.20). Last Friday, I renewed the VPN certificate for the 5000 series gateway. After renewing the certificate, both the IPsec VPN and the desktop Remote Access VPN client are working well.

However, VPN connections from mobile devices using Capsule Connect are not working. When attempting to connect via Capsule Connect, the client displays a message indicating that the site's certificate has expired.

Please suggest. Many thanks.

Labels
Preview file
32 KB
0 Kudos
1 Solution

Accepted Solutions
Amber
Participant
‎2025-09-25 08:05 PM
Jump to solution

Many thanks to everyone for their help. I opened a technical ticket with Check Point support. They suggested using the command "#fw kill vpnd" to restart the VPN process. I tried it, and it worked. Thank you very much again.

View solution in original post

0 Kudos
9 Replies
the_rock
MVP Diamond
MVP Diamond
‎2025-09-10 08:17 AM
Jump to solution

Hey Amber,

Can you have them try delete/re-create the site and test? Just have one or two random users do that.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Lesley
MVP Gold
MVP Gold
‎2025-09-10 12:32 PM
Jump to solution

You sure the clients trust the new certificate? 

https://support.checkpoint.com/results/sk/sk167255

Just to make sure you done policy push after cert renewal? 

-------
Please press "Accept as Solution" if my post solved it 🙂
(1)
the_rock
MVP Diamond
MVP Diamond
‎2025-09-10 12:35 PM
In response to Lesley
Jump to solution

Good points @Lesley 

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Amber
Participant
‎2025-09-11 01:54 AM
In response to Lesley
Jump to solution

Hi Lesley,

When using Capsule Connect to establish a VPN connection, the self-signed certificate does not appear to trust. According to sk167255, the recommended solution is to add a third-party trusted certificate to the Mobile Access Blade.
May I kindly ask if it is possible to use the gateway’s self-signed certificate for Mobile Access instead?

Many thanks.

0 Kudos
Lesley
MVP Gold
MVP Gold
‎2025-09-11 07:39 AM
In response to Amber
Jump to solution

Hi

As user still is able not to trust a third party (not self-signed) certificate. If you import certificate without the Intermediate CA and only the certificate systems can complain about it: invalid certificate. Normally you import all Intermediate CA's including the certificate and not the root CA. You can also include root ca but that should not be needed as it is expected that all clients are known with the root ca. 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
PhoneBoy
Admin
Admin
‎2025-09-11 07:57 AM
In response to Amber
Jump to solution

You can use the Internal CA for this, but for the error message to go away, the end user will have to manually configure the CA as trusted on their device.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-09-11 08:09 AM
In response to PhoneBoy
Jump to solution

I guess similar to ssl inspection...maybe not best comparison though.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Amber
Participant
‎2025-09-25 08:05 PM
Jump to solution

Many thanks to everyone for their help. I opened a technical ticket with Check Point support. They suggested using the command "#fw kill vpnd" to restart the VPN process. I tried it, and it worked. Thank you very much again.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-09-25 08:20 PM
In response to Amber
Jump to solution

Great! Thanks for letting us know, appreciated.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events