saitoh
Collaborator

VPN cert connecting GAiA Portal, not server.crt

Hi all,


My CP VM R81.20 gives my browser the VPN cert when connecting to GAiA Portal.

I surmise it should be server.crt, since it is included in the /web/ subdirectory.

I heard that from some version CP changed its design, and now the VPN cert has only a year of validity.

However, I have never seen any case where a user is unable to access GAiA Portal.

(I guess this is because validity does not matter anyway, since this is mostly accessed internally, with users ignoring the SSL warning...)

Plus, my boss told me that he has experienced a case where CP shows server.crt when accessing GAiA Portal.

A quick Google search tells me that I can choose which certificate to present as the web server.

My misgivings here are:

1. Is it expected for CP to bring the VPN cert for validating itself as a web server?

2. In my little experience, I assume the VPN cert is not to be updated unless the Site to Site VPN Blade is enabled.

After expiration, which certificate would httpd choose to present, or does it stop working?


sliver bullet: casting repero or tossing it into the harbor
0 Kudos
4 Replies
saitoh
Collaborator

P.S.

I forgot to add that I observed this on an R81.20 appliance and an open server as well.

sliver bullet: casting repero or tossing it into the harbor
0 Kudos
saitoh
Collaborator

One of my co-workers found out how the VPN cert is selected for GAiA Portal.

When the VPN Blade is OFF, server.crt is selected, the validity term of which is 10 years.

When ON, GAiA Portal brings the VPN cert to the browser, whether it is expired or not.

My question remains unsolved...

It is as if server.crt is replaced according to the status of the VPN blade.

sliver bullet: casting repero or tossing it into the harbor
0 Kudos
PhoneBoy
Admin

How are you validating it’s the VPN certificate, exactly?
You might be seeing a different certificate because of MultiPortal.
Bottom line: yes, you can change the certificate.
https://support.checkpoint.com/results/sk/sk97648

0 Kudos
saitoh
Collaborator

Hi PhoneBoy,


Thanks for your reply.

I validated that CP is showing the VPN certificate by referring to the cert viewer of Google Chrome.

I did not know of Multi Portal.

I will search the sk for information on it by myself.

Saitoh


sliver bullet: casting repero or tossing it into the harbor
0 Kudos
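
On the "how are you validating" question above, an added example (not posted by anyone in this thread and not Check Point code): the presented certificate is matched against candidate certificate files by SHA-256 over the DER bytes, and its validity period is read so that a one-year certificate can be told from a ten-year one. The candidate names, the function names and the two sample certificates (constructed, unsigned skeletons) are assumptions made for illustration.

```python
import hashlib
import ssl
from datetime import datetime, timezone

def tlv(der, pos):
    """Read one DER element at pos -> (tag, value_start, value_end)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def validity(der):
    """Return [notBefore, notAfter] of a DER-encoded X.509 certificate."""
    _, p, _ = tlv(der, 0)              # Certificate
    _, p, _ = tlv(der, p)              # tbsCertificate
    tag, _, end = tlv(der, p)
    p = end if tag == 0xA0 else p      # skip explicit [0] version when present
    for _ in range(3):                 # serialNumber, signature, issuer
        _, _, p = tlv(der, p)
    _, p, _ = tlv(der, p)              # validity SEQUENCE
    out = []
    for _ in range(2):                 # UTCTime (0x17) or GeneralizedTime
        tag, s, p = tlv(der, p)
        fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
        out.append(datetime.strptime(der[s:p].decode(), fmt).replace(tzinfo=timezone.utc))
    return out

def describe(pem):
    """SHA-256 fingerprint, lifetime and expiry state of one PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    nb, na = validity(der)
    return {"sha256": hashlib.sha256(der).hexdigest(), "lifetime_days": (na - nb).days,
            "expired": na < datetime.now(timezone.utc)}

def identify(presented_pem, candidates):
    """Name of the candidate file whose DER bytes equal the presented certificate."""
    want = describe(presented_pem)["sha256"]
    return next((n for n, pem in candidates.items() if describe(pem)["sha256"] == want), None)

def sample_cert(serial, nb, na):       # constructed, unsigned skeleton: sample input only
    e = lambda tag, body: bytes([tag, len(body)]) + body
    tbs = e(0x30, e(0xA0, e(2, b"\x02")) + e(2, bytes([serial])) + e(0x30, b"") * 2
            + e(0x30, e(0x17, nb) + e(0x17, na)))
    return ssl.DER_cert_to_PEM_cert(e(0x30, tbs))

CANDIDATES = {"server.crt": sample_cert(1, b"230101000000Z", b"330101000000Z"),
              "vpn-cert": sample_cert(2, b"230101000000Z", b"240101000000Z")}
# Against a live portal the PEM would come from ssl.get_server_certificate((host, 443)).
PRESENTED = CANDIDATES["vpn-cert"].replace("\n", "\r\n")  # same cert, CRLF line endings
```

With real files, read each candidate's PEM text into the dictionary; a result of `None` from `identify` means the listener is serving a certificate that is none of the candidates.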
