Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Avoiding VPN client fingerprint message when changing certificate

Hello Guys,

 

I'm in need to change the Certificate which is represented to the Clients for Remote Access.

As far as I Understand, Checkpoint presents the Fingerprint of the Root CA of the VPN Certificate so the client dont have issues when Certificates are exchanged if they come from the same CA.

Unfortunately we are moving from one CA to another and this is not clearly for me. Also not in SK: Avoiding VPN / SNX client fingerprint message when changing certificate or connecting to a backup site (checkpoint.com)

We have "vpn.corp.com" as CN/DNS. So I digged already into the registry of my clients and there as mentioned a respective fingerprint for my VPN Infrastructure. 
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\accepted_cn\vpn.corp.com]
"--Fingerprint--"=" XXXX XXX XXX XXX XXXX XXX XXXX XXXX XXX XXXX  XXX XXXX"

1. Question: Can I assign more then one Fingerprint in the Registry  ? So we have an entry for our "vpn.corp.com" and there is currently one Fingerprint. Can I enter the second (new one) to and it will work? Is there an SK for this? 
So it will look like:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\accepted_cn\vpn.corp.com]
"--Fingerprint--"=

...
TO READ THE FULL POST it's simple and free

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events