- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi,
Using R80.20
We use Dynamic ID in Mobile Access blade to sent OTP via SMS to our users.
I got the link from our SMS provider and it's working fine when using HTTP.
But when using HTTPS it's failing. User gets error "Dynamic ID Authentication Failed".
When I try it in a browser it's working fine with HTTPS.
When I try with CURL from the GW, I get a certificate error.
I got the current site certificate from the SMS provider and imported the intermediate certificate to the "Trusted CAs" tab under HTTPS Inspection. the root certificate was already there - but it's still not working.
Only time I managed to get it working with CURL is when I used:
"curl_cli --cacert /opt/CPsuite-R80.20/fw1/database/ca_bundle.pem.tmp"
Should I rename the file and remove the .tmp? I don't know what are the consequences are.
Appreciate the help
Recommend engaging the TAC here.
You may find that the solution in sk110779 will help here.
Hi Jonathan, to confirm are you running...
R80.20 JHF T183 or higher per sk167177?
-or-
R80.20 JHF T203 or higher per sk170303?
I had a similar case earlier this year. The gateway was R80.30 take 140 and after installing take 236 stopped DynamicID due to an OSCP. Per sk167177 T140 shouldn't work but 236 should work - well, in my case it was vice versa, no one could ever explain me why. After all I upgraded to R80.40 - it worked even with no hotfix installed, again no explanation. I'll advice you to run a debug and look for OCSP errors. If this is the case - plan to upgrade to a higher version, for me personally I don't find any helpful in Solution part of sk167177.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY