This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
saitoh
Collaborator
‎2024-09-09 11:47 PM

VPN cert connecting GAiA Portal, not server.crt

Hi all,

 

My CP VM R81.20 gives my browser VPN cert when connecting GAiA Portal.

I surmise it should be server.crt since it is included in /web/ subdirectory.

 

I heard from some version CP has changed its design and now VPN cert has only a year of validity.

However I have never got to see any case where a user is unable to access GAiA Portal.

(guess this is because validity does not matter anyway since this is mostly accessed internally, user ignoring ssl warning...)

 

Plus, my boss said to me that he has experienced the case where CP shows server.crt in accessing GAiA Portal.

Quick google search tells me that I can choose which certificate to present as web server.

 

my misgiving here is:

1. Is it expected for CP to bring VPN cert for validating itself as a web server?

2. In my little experience I assume VPN cert is not to be updated unless Site to Site VPN Blade is enabled.

After expiration which certificate would httpd choose to present, or does it stop working?

 

sliver bullet: casting repero or tossing it into the harbor
0 Kudos
4 Replies
saitoh
Collaborator
‎2024-09-09 11:48 PM

P.S.

I forgot to add I observed this in R81.20 appliance and open server as well.

sliver bullet: casting repero or tossing it into the harbor
0 Kudos
saitoh
Collaborator
‎2024-09-11 12:12 AM
In response to saitoh

One of my co-worker found out how VPN cert is selected for GAiA Portal.

 

When VPN Blade is OFF, server.crt is selected, the validity term of which is for 10 years.

On, GAiA Portal brings VPN cert to browser, whether it is expired or not.

 

My question remains unsolved...

It is like server.crt is replaced according to the status of VPN blade.

sliver bullet: casting repero or tossing it into the harbor
0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-10 07:01 AM

How are you validating it’s the VPN certificate, exactly?
You might be seeing a different certificate because of MultiPortal.
Bottom line: yes, you can change the certificate.
https://support.checkpoint.com/results/sk/sk97648

0 Kudos
saitoh
Collaborator
‎2024-09-10 05:11 PM
In response to PhoneBoy

Hi PhoneBoy,

 

Thanks for you reply.

I validated CP is showing VPN certificate by referring cert viewer of google chrome.

I did not know of Multi Portal.

I will self-search sk for the information on it by myself.

 

Saitoh

 

sliver bullet: casting repero or tossing it into the harbor
Preview file
43 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events