CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: legacy client auth connectivity HTTPS

  1. #1
    Join Date
    2014-11-23
    Posts
    11
    Rep Power
    0

    legacy client auth connectivity HTTPS

    I wonder if anyone could advise me. We are running Check Point R77.20 on Secure Platform.
    We use legacy "client auth" authentication. I am trying to implement HTTPS rather than telnet or HTTP.
    I have followed the instructions to allow encrypted client authentication ( https://sc1.checkpoint.com/documents...Admin/6721.htm ).
    However, when the users connect they get an error message in their browser saying "This site uses an unsupported protocol or cipher suite such as RC4" or "Bad client auth Cert". The users do not get an option to accept the certificate.

    Thanks

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,482
    Rep Power
    8

    Re: legacy client auth connectivity HTTPS

    Quote Originally Posted by PeterSmith78
    I wonder if anyone could advise me. We are running Check Point R77.20 on Secure Platform.
    We use legacy "client auth" authentication. I am trying to implement HTTPS rather than telnet or HTTP.
    I have followed the instructions to allow encrypted client authentication ( https://sc1.checkpoint.com/documents...Admin/6721.htm ).
    However, when the users connect they get an error message in their browser saying "This site uses an unsupported protocol or cipher suite such as RC4" or "Bad client auth Cert". The users do not get an option to accept the certificate.

    Thanks

    Are you using the default vpn cert that the gateway generates or are you using your own?

  3. #3
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,092
    Rep Power
    12

    Re: legacy client auth connectivity HTTPS

    Quote Originally Posted by jflemingeds
    Are you using the default vpn cert that the gateway generates or are you using your own?

    Yeah, my guess is that the firewall's certificate is signed with SHA1 and the user's browser won't allow it.
    --
    My Book "Max Power: Check Point Firewall Performance Optimization"
    Second Edition Coming Soon

  4. #4
    Join Date
    2014-11-23
    Posts
    11
    Rep Power
    0

    Re: legacy client auth connectivity HTTPS

    Yes, I'm using the default certificate "defaultCert". Would I need to generate another certificate?

  5. #5
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,482
    Rep Power
    8

    Re: legacy client auth connectivity HTTPS

    I think you need to get more information about what encryption or hash method is making things angry, then disable it and generate a new cert.

    Just a guess, sk106478 might be a good place to start. I'm guessing it's complaining about RC4.
