Norris,

We are using SR NG FP2 hotfix 2, newer version. When I created a user, I generated the certificate on the user properties, saved that certificate locally and transferred it to the SR client, and when logging in I've used the certificate to authenticate with the FW. Is there something I should be doing before authenticating? I have used the Check Point recommended resolution to do this, but no luck.

Thanks
Regards
Suga

----- Original Message -----
From: "Norris, William"
Date: Tue, 22 Oct 2002 13:45:50 -0700
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SecuRemote with user certificate

> We use certificates with SR NG FP2 (hotfix 2). What version of the client
> are you using? What kind of certificate are you using? How did you install
> the certificate on the server and on the client?
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:suga@;LINUXMAIL.ORG]
> > Sent: Tuesday, October 22, 2002 10:10
> > To: [EMAIL PROTECTED]
> > Subject: [FW-1] SecuRemote with user certificate
> >
> > Hi All,
> >
> > Has anyone successfully implemented SecuRemote to use
> > certificate instead of pre-shared key on NG Feature Pack 2?
> >
> > I'm having a problem setting this up. When the user logs in with
> > the certificate, the SR comes up with "SR could not be
> > started, contact your administrator" and the SR GUI
> > terminates. The log viewer shows the user logs in
> > successfully (key install: Main mode completion, in info
> > field: reason: Client Encryption: Authenticated by RSA
> > Signature). User with pre-shared key works fine.
> >
> > Thanks in advance.
> > Regards
> > Suga
> >
> > Output of log created from the SR GUI:
> >
> > log_file_name:sr_gui_tde
> >
> > [ 892 588][21 Oct 16:19:24] SetDefaultDir:
> > GetRegistryAppPathString failed
> > [ 892 588][21 Oct 16:19:24]
> > [ 892 588][21 Oct 16:19:24]
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >
> > [ 892 588][21 Oct 16:19:24] SDL not enabled
> > [ 892 588][21 Oct 16:19:24] SSO not enabled
> > [ 892 588][21 Oct 16:19:24] RecursiveRegDeleteKey:
> > SOFTWARE\CheckPoint\SecuRemote\CurrentSessionCredentials does
> > not exist
> >
> > log_file_name:sr_service_tde
> >
> > [ 816 948][21 Oct 16:19:22] set_ikeStatus_post_fn: set fn 530e4153
> > [ 816 856][21 Oct 16:19:22] decrypt_obj: no cryptver
> > [ 816 856][21 Oct 16:19:22] decrypt_obj: no cryptver
> > [ 816 856][21 Oct 16:19:22] decrypt_obj: no cryptver
> > [ 816 856][21 Oct 16:19:22] decrypt_obj: no cryptver
> > [ 816 856][21 Oct 16:19:22] set_userc_post_fn: set fn 53071000
> > [ 816 856][21 Oct 16:19:22] set_userc_schedule_keep_alive:
> > set fn 53867e6f
> > [ 816 856][21 Oct 16:19:22] set_userc_deschedule_keep_alive:
> > set fn 53867eb7
> > [ 816 856][21 Oct 16:19:22] set_user_message_box_fn: set fn 5307102c
> > [ 816 868][21 Oct 16:19:22] InvokeIsakmpServer: Trying to
> > bind to a different port than 500
> >
> > [ 816 868][21 Oct 16:19:22] InvokeIsakmpServer: listening to
> > IKE port 1298
> >
> > [ 816 868][21 Oct 16:19:22] fwobj_get_myself: no module function set
> > [ 816 868][21 Oct 16:19:22] fwuserc_exec_switch: load.
> > [ 816 868][21 Oct 16:19:23] InvokeIsakmpServer: entered IKE
> > port 1298 to userc_ike_local_port table
> >
> > [ 816 868][21 Oct 16:19:23] fwuserc_loadtopo: entered gw
> > ip:c2c9290d to userc_enc_domain_gws_table
> >
> > [ 816 868][21 Oct 16:19:23] fwuserc_loadtopo: entered gw
> > interface ip:c2c9290d to userc_enc_domain_gws_table
> >
> > [ 816 868][21 Oct 16:19:23] fwuserc_loadtopo: entered gw
> > interface ip:c0a80101 to userc_enc_domain_gws_table
> >
> > [ 816 868][21 Oct 16:19:23] fwuserc_loadtopo: entered gw
> > interface ip:0a000001 to userc_enc_domain_gws_table
> >
> > [ 816 868][21 Oct 16:19:23] fwkmsg_handle: unsupported trap 259
> > [ 816 868][21 Oct 16:19:23] fwkmsg_handle: unsupported trap 259
> > [ 816 868][21 Oct 16:19:23] fwkmsg_handle: unsupported trap 259
> > [ 816 868][21 Oct 16:19:23] fwkmsg_handle: unsupported trap 259
> > [ 816 868][21 Oct 16:19:23] fwkmsg_handle: unsupported trap 273
> > [ 816 856][21 Oct 16:19:23] vpn_get_conn_user_fn: set fn 530466fa
> > [ 816 856][21 Oct 16:19:23] ckpSSLsession_from_ikeSA_clnt_fn:
> > set fn 53046747
> > [ 816 856][21 Oct 16:19:23] create_ssl_clnt_params_fn: set fn 53046756
> > [ 816 856][21 Oct 16:19:23] ckpSSL_fwasync_connect_fn: set fn 5304675c
> > [ 816 856][21 Oct 16:19:23] ckpSSLparams_Free_fn: set fn 53046772
> > [ 816 856][21 Oct 16:19:23] ikeSA_is_needed_fn: set fn 5304677e
> > [ 816 868][21 Oct 16:20:11] fwuserc_exec_switch: update.
> > [ 816 868][21 Oct 16:20:11] fwuserc_topo_client_handler:
> > CLN_TOPO_IKE_SSL_INIT
> > .......
> > .......
> > ......
> > [ 816 868][21 Oct 16:20:15] _get_cp_temp_dir: Failed to
> > initilaze temp_dir.
> > [ 816 868][21 Oct 16:20:15] _get_cp_temp_dir: Failed to
> > initilaze temp_dir.
> > [ 816 868][21 Oct 16:20:17] [Mon Oct 21 16:20:17 2002]
> > [pid=816] funcchain: Create Child process failed C:\Program
> > Files\CheckPoint\SecuRemote\bin\fwssd.exe funcchain
> > "__DEFAULT_LOGFILE__" "1" "0" "resolver_list": The system
> > cannot find the file specified.
> > [ 816 868][21 Oct 16:20:17] [Mon Oct 21 16:20:17 2002]
> > [pid=816] funcchain: Create Child process failed C:\Program
> > Files\CheckPoint\SecuRemote\bin\fwssd.exe funcchain
> > "__DEFAULT_LOGFILE__" "2" "1" "resolver_list": The system
> > cannot find the file specified.
> > [ 816 868][21 Oct 16:20:18] [Mon Oct 21 16:20:18 2002]
> > [pid=816] funcchain: Create Child process failed C:\Program
> > Files\CheckPoint\SecuRemote\bin\fwssd.exe funcchain
> > "__DEFAULT_LOGFILE__" "0" "1" "resolver_list": The system
> > cannot find the file specified.
> > [ 816 936][21 Oct 16:20:18] fwuserc_mainloop_error_handler::
> > Got error from socket_worker - 10038
> > [ 816 936][21 Oct 16:20:18] socket_worker (936): select
> > failed: Unknown Winsock error (10038)
> > [ 816 868][21 Oct 16:20:18] fwuserc_exec_switch: got
> > T_event_mainloop exit command, sending panic
> > [ 1008 372][21 Oct 17:55:49]
> > ------------------------------------------------------------------
> >
> > --
> >
> > Powered by Outblaze
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
