Dynamic ID with HTTPS not working

Jonathan · ‎2021-12-09

Hi,

Using R80.20

We use Dynamic ID in Mobile Access blade to sent OTP via SMS to our users.

I got the link from our SMS provider and it's working fine when using HTTP.

But when using HTTPS it's failing. User gets error "Dynamic ID Authentication Failed".

When I try it in a browser it's working fine with HTTPS.

When I try with CURL from the GW, I get a certificate error.

I got the current site certificate from the SMS provider and imported the intermediate certificate to the "Trusted CAs" tab under HTTPS Inspection. the root certificate was already there - but it's still not working.

Only time I managed to get it working with CURL is when I used:

"curl_cli --cacert /opt/CPsuite-R80.20/fw1/database/ca_bundle.pem.tmp"

Should I rename the file and remove the .tmp? I don't know what are the consequences are.

Appreciate the help

PhoneBoy · ‎2021-12-12

Recommend engaging the TAC here.

emmap · ‎2021-12-12

You may find that the solution in sk110779 will help here.

Chris_Atkinson · ‎2021-12-12

Hi Jonathan, to confirm are you running...

R80.20 JHF T183 or higher per sk167177?

-or-

R80.20 JHF T203 or higher per sk170303?

CCSM R77/R80/ELITE

MartinTzvetanov · ‎2021-12-13

I had a similar case earlier this year. The gateway was R80.30 take 140 and after installing take 236 stopped DynamicID due to an OSCP. Per sk167177 T140 shouldn't work but 236 should work - well, in my case it was vice versa, no one could ever explain me why. After all I upgraded to R80.40 - it worked even with no hotfix installed, again no explanation. I'll advice you to run a debug and look for OCSP errors. If this is the case - plan to upgrade to a higher version, for me personally I don't find any helpful in Solution part of sk167177.

Are you a member of CheckMates?

Dynamic ID with HTTPS not working