After upgrading the Security Gateway from R77.30 to R80.10 we have lost VPN site-to-site connectivity using certificates. In the log we have found something like this:
Main Mode Issuer CN=RootCA.something*,OU=something,O=something,L=something,ST=something,C=PL is not a CA.
and then:
Main Mode Sent Notification to Peer: invalid certificate
In vpnd.elg we have also found:
CA certificate CN=RootCA.something,OU=something,O=something,L=something,ST=something,C=PL does not contain a BasicConstraints extension.
I attached the vpnd.elg file for details.
In the R80.10 Release Notes and any other docs there is no word about such issues when upgrading from R77.x to R80.10. What's wrong?
Thanks in advance for your support
Regards
Mirek
*) something is used here for example only to hide details
I would engage with the TAC on this.
I hadn't heard of any issues cropping up with VPNs after upgrading to R80.10.
This sounds like an issue with the internal CA, though, and possibly regenerating and reexchanging certificates would solve the issue.
Temporarily we have switched from certificates to a preshared key to restore VPN connectivity. We think it's all about the lack of the BasicConstraints extension. We will follow your advice.
Thanks a lot
Regards
Mirek
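Added example, not part of the thread and not Check Point code: the vpnd.elg message above says the issuer certificate carries no BasicConstraints extension, which RFC 5280 path validation expects on a version 3 CA certificate with cA set to TRUE. The stdlib-only check below walks a DER certificate and reports whether the extension is absent, present with cA FALSE, or present with cA TRUE. The function names and the three sample byte strings are assumptions constructed for illustration; the samples are unsigned skeletons, not real certificates.

```python
"""Added example: check a DER certificate for BasicConstraints (OID 2.5.29.19)."""
BC_OID = bytes.fromhex("551d13")  # DER content bytes of OID 2.5.29.19

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element in buf[start:end]."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def basic_constraints_ca(der, start=0, end=None):
    """None if the extension is absent, otherwise the cA flag (True/False)."""
    for tag, vs, ve in children(der, start, len(der) if end is None else end):
        kids = list(children(der, vs, ve)) if tag == 0x30 else []
        if kids and kids[0][0] == 0x06 and der[kids[0][1]:kids[0][2]] == BC_OID:
            _, seq_s, seq_e = read_tlv(der, kids[-1][1])   # SEQUENCE inside extnValue
            flags = [der[s] != 0 for t, s, e in children(der, seq_s, seq_e) if t == 0x01]
            return flags[0] if flags else False            # cA DEFAULT FALSE
        if tag & 0x20:                                     # constructed: recurse
            found = basic_constraints_ca(der, vs, ve)
            if found is not None:
                return found
    return None

def tlv(tag, body=b""):
    """Encode one DER element (helper for the constructed samples below)."""
    n = len(body)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + head + body

def sample_cert(bc_body):
    """Constructed skeleton (not a signed certificate): version, serial, [3] extensions."""
    exts = b"" if bc_body is None else tlv(0x30, tlv(0x06, BC_OID) + tlv(0x04, tlv(0x30, bc_body)))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0xA3, tlv(0x30, exts))
    return tlv(0x30, tlv(0x30, tbs))

NO_BC = sample_cert(None)                  # like the RootCA in the log: no extension
END_ENTITY = sample_cert(b"")              # extension present, cA defaults to FALSE
ROOT_CA = sample_cert(tlv(0x01, b"\xff"))  # extension present, cA = TRUE
```

To run it against an exported CA certificate in PEM form, convert it first with `ssl.PEM_cert_to_DER_cert()` from the standard library and pass the resulting bytes to `basic_constraints_ca()`.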