CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.




Thread: SecureClient auth

  1. #1
    Join Date
    2006-08-08
    Posts
    32
    Rep Power
    0

    SecureClient auth

    Hi Guys,

    We plan to roll out CA cert authentication to replace the RSA hardware token; everything was good so far until last weekend. When I tried to log in with my cert it failed with Main Mode validation timed out, but using the RSA token is fine.

    I checked CP support document but so far no help, please advise, thanks.

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,226
    Rep Power
    13

    Re: SecureClient auth

    Is the firewall successfully able to reach the location specified in the CRL of the certificate you're trying to use?

  3. #3
    Join Date
    2006-08-08
    Posts
    32
    Rep Power
    0

    Re: SecureClient auth

    Sorry, new to external CA, but where to check that? Thanks.

  4. #4
    Join Date
    2006-08-08
    Posts
    32
    Rep Power
    0

    Re: SecureClient auth

    This is what I get after packet 5 in main mode, in ikeview

    Notify Data as string:
    Validation timed out. (msg_obj
        :format (1.0)
        :id (VPN_CERT_ERR)
        :def_msg ("Validation timed out.")
        :arguments (
            :0 (
                :type (string)
                :val ("Validation timed out.")
                :def_text ("Validation timed out.")
            )
        )
    )

  5. #5
    Join Date
    2006-08-08
    Posts
    32
    Rep Power
    0

    Re: SecureClient auth

    Well, IIS on crl stopped, reset and it works now.

  6. #6
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,226
    Rep Power
    13

    Re: SecureClient auth

    Originally posted by briwang:
    "Well, IIS on crl stopped, reset and it works now."

    Sounds like the CRL server for your CA was dead and when you would present the certificate to the firewall it would time out trying to pull the CRL.
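
Added example (not part of the thread and not Check Point tooling): the reachability check asked about in post #2, meant to be run from a host that shares the gateway's network path to the CA. It lists the CRL distribution points from `openssl x509 -noout -text` output and fetches each HTTP one with a timeout; the certificate excerpt, host names and function names are constructed for illustration.

```python
import socket
import urllib.error
import urllib.request

# Constructed excerpt of `openssl x509 -noout -text` output (not from the thread).
SAMPLE_CERT_TEXT = """\
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.example.test/ca.crl
                Full Name:
                  URI:ldap://dir.example.test/cn=CA?certificateRevocationList
            X509v3 Subject Alternative Name:
                URI:urn:example:constructed-user
"""

# Assumption: the gateway fetches the CRL directly, so proxy env vars are ignored.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def cdp_urls(cert_text):
    """Return only the URIs listed under 'CRL Distribution Points'."""
    urls, in_cdp = [], False
    for line in cert_text.splitlines():
        s = line.strip()
        if s.startswith("X509v3 "):  # a new extension starts here
            in_cdp = s.startswith("X509v3 CRL Distribution Points")
        elif in_cdp and s.startswith("URI:"):
            urls.append(s[4:])
    return urls

def check_crl(url, timeout=5.0):
    """Fetch one HTTP(S) distribution point and classify the outcome."""
    if not url.lower().startswith(("http://", "https://")):
        return "skipped (non-HTTP CDP)"
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            body = resp.read()
        return "ok" if body else "empty response"
    except urllib.error.HTTPError as exc:  # server answered, but not with the CRL
        return f"http error {exc.code}"
    except OSError as exc:  # URLError, refused connections, socket timeouts
        reason = getattr(exc, "reason", exc)
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return "timed out"
        return f"unreachable ({reason})"

if __name__ == "__main__":
    for u in cdp_urls(SAMPLE_CERT_TEXT):
        print(u, "->", check_crl(u, timeout=3.0))
```

A "timed out" or "unreachable" result for the HTTP distribution point corresponds to the situation described in the last reply, where the CRL server was down and validation timed out while the gateway tried to pull the CRL.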
