This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jonathan
Contributor
‎2021-12-09 07:22 AM

Dynamic ID with HTTPS not working

Hi,

Using R80.20

We use Dynamic ID in Mobile Access blade to sent OTP via SMS to our users.

I got the link from our SMS provider and it's working fine when using HTTP.

But when using HTTPS it's failing. User gets error "Dynamic ID Authentication Failed".

When I try it in a browser it's working fine with HTTPS.

When I try with CURL from the GW, I get a certificate error.

I got the current site certificate from the SMS provider and imported the intermediate certificate to the "Trusted CAs" tab under HTTPS Inspection. the root certificate was already there -  but it's still not working.

Only time I managed to get it working with CURL is when I used:

"curl_cli --cacert /opt/CPsuite-R80.20/fw1/database/ca_bundle.pem.tmp"

 

Should I rename the file and remove the .tmp? I don't know what are the consequences are.

 

Appreciate the help

 

Labels
0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-12-12 03:52 PM

Recommend engaging the TAC here.

0 Kudos
emmap
Employee
Employee
‎2021-12-12 09:24 PM

You may find that the solution in sk110779 will help here.

0 Kudos
Chris_Atkinson
Employee
Employee
‎2021-12-12 10:13 PM

Hi Jonathan, to confirm are you running...

 

R80.20 JHF T183 or higher per sk167177?

-or-

R80.20 JHF T203 or higher per sk170303?

0 Kudos
MartinTzvetanov
Collaborator
‎2021-12-13 03:15 AM

I had a similar case earlier this year. The gateway was R80.30 take 140 and after installing take 236 stopped DynamicID due to an OSCP. Per sk167177 T140 shouldn't work but 236 should work - well, in my case it was vice versa, no one could ever explain me why. After all I upgraded to R80.40 - it worked even with no hotfix installed, again no explanation. I'll advice you to run a debug and look for OCSP errors. If this is the case - plan to upgrade to a higher version, for me personally I don't find any helpful in Solution part of sk167177.

0 Kudos