This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
Mirosław_Zimny
Contributor
‎2018-10-25 04:04 AM

R80.10 VPN site-to-site certificate problem

After upgrading Security Gateway from R77.30 to R80.10 we have lost VPN site to site connectivity using certificates. In log we have found something like this:

Main Mode Issuer CN=RootCA.something*,OU=something,O=something,L=something,ST=something,C=PL is not a CA.

and then:

Main Mode Sent Notification to Peer: invalid certificate

In vpnd.elg we have also found:

CA certificate CN=RootCA.something,OU=something,O=something,L=something,ST=something,C=PL does not contain a BasicConstraints extension.

I attached the vpnd.elg file for details.

In R80.10 Relase Notes and any other docs there is no word about such issues when upgrading from R77.x to R80.10. What's wrong?

Thanks in advance for Your support

Regards

Mirek

*) something is used here for example only to hide details

vpnd1.elg.txt.zip
0 Kudos
2 Replies
This widget could not be displayed.