Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kadar2
Contributor

Identity Collector does not trust gateway certificate

Dear community,

 

recently we faced the following issue in our infrastructure.

We have two identity collectors running on WindowsServer 2012R2. The certificate under Mobile Access --> Portal Settings on one of our gateways was changed to a new wildcard certificate. The previous certificate was also a wildcard. The gateway is R81.10.

As a result of the change, both identity collectors displayed "Gateway Certificate Untrusted", until we performed an update certificate info. The "update" action was performed two weeks after the certificate replacement!

IA rules on the gateway were functioning normally for the two weeks period! We are trying to understand why we did not face any service disruption during this time. Identity awareness logs on the gateway show that AD user/group information was updated to the firewall. If the trust between identity collector/firewall is broken, how is this possible?

 

 

0 Kudos
3 Replies
AkosBakos
Leader Leader
Leader

Hi kada2,

Does the new cert contain the IP in the SAN field?
If not, the create one with the IP

A

----------------
\m/_(>_<)_\m/
0 Kudos
kadar2
Contributor

After updating the certificate info in the collectors, the issue is resolved. We would like to understand why we didn't face any issues with the IA rules on the firewall, given the fact that the certificate was untrusted for two whole weeks! Is it possible that the gateway learnt about the user/group info, by some other means?

0 Kudos
CheckPointerXL
Advisor
Advisor

Did you solve this mistery?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events