Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Udupi_krishna
Contributor
Jump to solution

Wildcard Certificate IPsec VPN repository

Hi All,

 

Has anyone tried importing a wild card certificate into the IPsec VPN repository?. I am looking to change the default certificate which is shown to VPN clients, (General Properties > VPN Clients > "the gateway authenticates with this certificate".

We have a client using a wildcard cert from GoDaddy for other services. I tried following the documentation in terms of adding the cert CA and intermediate CA and creating the CSR request under the IPSec VPN repository. 

The challenge is I cannot use this enrollment request since this task is already down outside the firewall. Is there a way to import the certificate since it throws an error on Smart Console (R80.20 mgmt and gw). "the new issued certificate does not match the enrollment request" which is expected.

 

0 Kudos
1 Solution

Accepted Solutions
Marco_Valenti
Advisor

Do you have the mobile access blade enabled on the gateway?

If you have you will be able to import the p.12 from the relative blade settings and then remote access client will use this certificate to authenticate from the gateway , at least this is what tac told me in one sr since I have the same request , but at the moment I don' t know if you don't have the mobile access blade enabled

View solution in original post

5 Replies
Marco_Valenti
Advisor

Do you have the mobile access blade enabled on the gateway?

If you have you will be able to import the p.12 from the relative blade settings and then remote access client will use this certificate to authenticate from the gateway , at least this is what tac told me in one sr since I have the same request , but at the moment I don' t know if you don't have the mobile access blade enabled

Udupi_krishna
Contributor
Mobile access blade is indeed enabled and the certificate under it's portal settings is set the .p12 wild card certificate.

Is there a way to confirm that the remote access clients are now using the same certificate as one applied in the mobile access settings?
0 Kudos
Marco_Valenti
Advisor

you can delete the site on one of the client using the endpoint/win10 plugin and see wich certificate is pronted

0 Kudos
Udupi_krishna
Contributor
This procedure and the earlier info on Certificate referenced under Mobile access blade portal settings was right on. Thanks for your inputs, appreciate it.
Saved me a TAC case 😉
0 Kudos
Marco_Valenti
Advisor

glad to help 🙂

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events