This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Udupi_krishna
Contributor
‎2019-04-12 03:00 AM
Jump to solution

Wildcard Certificate IPsec VPN repository

Hi All,

 

Has anyone tried importing a wild card certificate into the IPsec VPN repository?. I am looking to change the default certificate which is shown to VPN clients, (General Properties > VPN Clients > "the gateway authenticates with this certificate".

We have a client using a wildcard cert from GoDaddy for other services. I tried following the documentation in terms of adding the cert CA and intermediate CA and creating the CSR request under the IPSec VPN repository. 

The challenge is I cannot use this enrollment request since this task is already down outside the firewall. Is there a way to import the certificate since it throws an error on Smart Console (R80.20 mgmt and gw). "the new issued certificate does not match the enrollment request" which is expected.

 

0 Kudos
1 Solution

Accepted Solutions
Marco_Valenti
Advisor
‎2019-04-12 03:12 AM
Jump to solution

Do you have the mobile access blade enabled on the gateway?

If you have you will be able to import the p.12 from the relative blade settings and then remote access client will use this certificate to authenticate from the gateway , at least this is what tac told me in one sr since I have the same request , but at the moment I don' t know if you don't have the mobile access blade enabled

View solution in original post

5 Replies
Marco_Valenti
Advisor
‎2019-04-12 03:12 AM
Jump to solution

Do you have the mobile access blade enabled on the gateway?

If you have you will be able to import the p.12 from the relative blade settings and then remote access client will use this certificate to authenticate from the gateway , at least this is what tac told me in one sr since I have the same request , but at the moment I don' t know if you don't have the mobile access blade enabled

Udupi_krishna
Contributor
‎2019-04-12 03:21 AM
In response to Marco_Valenti
Jump to solution

Mobile access blade is indeed enabled and the certificate under it's portal settings is set the .p12 wild card certificate.

Is there a way to confirm that the remote access clients are now using the same certificate as one applied in the mobile access settings?
0 Kudos
Marco_Valenti
Advisor
‎2019-04-12 05:24 AM
In response to Udupi_krishna
Jump to solution

you can delete the site on one of the client using the endpoint/win10 plugin and see wich certificate is pronted

0 Kudos
Udupi_krishna
Contributor
‎2019-04-16 09:33 PM
In response to Marco_Valenti
Jump to solution

This procedure and the earlier info on Certificate referenced under Mobile access blade portal settings was right on. Thanks for your inputs, appreciate it.
Saved me a TAC case 😉
0 Kudos
Marco_Valenti
Advisor
‎2019-04-17 02:01 AM
In response to Udupi_krishna
Jump to solution

glad to help 🙂

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events