legacy client auth connectivity HTTPS

**PeterSmith78** · 2017-11-30

I wonder if anyone could advise me. We are running Checkpoint R77.20 on Secure Platform
We use legacy "client auth" authentication. I am trying to implement HTTPS rather than telnet or HTTP.
I have followed the instructions to allow encrypted client authentication ( https://sc1.checkpoint.com/documents...Admin/6721.htm ).
However when the users connect they get an error message in their browser saying "This site uses an unsupported protocol or cipher suite such as RC4" or "Bad client auth Cert ". The users do not get an option to accept the certificate.

Thanks

**jflemingeds** · 2017-11-30

Originally Posted by PeterSmith78

I wonder if anyone could advise me. We are running Checkpoint R77.20 on Secure Platform
We use legacy "client auth" authentication. I am trying to implement HTTPS rather than telnet or HTTP.
I have followed the instructions to allow encrypted client authentication ( https://sc1.checkpoint.com/documents...Admin/6721.htm ).
However when the users connect they get an error message in their browser saying "This site uses an unsupported protocol or cipher suite such as RC4" or "Bad client auth Cert ". The users do not get an option to accept the certificate.

Thanks

Are you using the default vpn cert that the gateway generates or are you using your own?

**ShadowPeak.com** · 2017-11-30

Originally Posted by jflemingeds

Are you using the default vpn cert that the gateway generates or are you using your own?

Yeah my guess is that the firewall's certificate is signed with SHA1 and the user's browser won't allow it.

**PeterSmith78** · 2017-12-01

yes I'm using the default certificate "defaultCert". Would I need to generate another certificate

**jflemingeds** · 2017-12-01

I think you need to get more information about what encryption or hash method is making things angry, then disable it and generate a new cert.

Just a guess sk106478 might be a good place to start. I'm guessing its complaining about RC4.