https://forums.checkpoint.com/forums/thread.jspa?threadID=10241 When you launch SNX and go look at the certificate details tab, does it say the signature hash algorithm is SHA1 or MD5? Ray > Date: Mon, 9 Aug 2010 16:29:13 -0600 > From: seral...@gmail.com > Subject: [FW-1] SNX Warning about vulnerabilities in a third party cert. > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM > > Hello, > > This customer has SNX deployed on a VPN-1 cluster and acquired a Verisign > Cert to avoid the warning message users get when trying to open the SNX > Portal. Everything worked perfect and they even renewed the certification > last year when its validy expired, but one one of their users (arond 1000 on > the field), reporter the following message is shown when he tries to > connect: > > "SSL Network Extender - Security Warning > The server presented a certificate that uses a security method vulnerable to > forgeries. > The authenticity of this server cannot be guaranteed. > You are advised to contact your system administrator before continuing". > > I found a thread about it in the Check Point forum but basically says Check > Point supports blame it on the Cert vendor, which doesn't make much sense, > particularly when hundreds of users don't see it, the exact same cert has > being used for months with no issues and while my customer is using a > Verisign Cert, the people in who wrote in the forum say they used Thawte. > > Any ideas will be very appreciated? > > > > -- > Sergio Alvarez > CISSP | CCSE+ > > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to lists...@amadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ow...@ts.checkpoint.com > =================================================
Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =================================================