SNX connection from command line fails with "SNX: Authentication failed" when using a certificate
Solution ID: sk101588
Product: SSL Network Extender
Version: R75.40, R76, R77, R77.10, R77.20, R77.30, R80.10
OS: Linux, Mac
Platform / Model: Intel/PC
Date Created: 13-Jul-2014
Last Modified: 20-Aug-2020
Symptoms
The SNX connection from command line "snx -l <CA_Dir> -s <Server>" fails with "SNX: Authentication failed" when authenticating with a user certificate.
The SNX connection from command line succeeds when authenticating with a username and password (snx -u <User> -s <Server>).
SNX debug ('snx -g ...') shows the following in the snx.elg file:
process_trusted_cas: processing TrustedCAs
process_trusted_cas: TrustedCAs dir opened ok
process_trusted_cas: processing file <Certificate_Issuer_CN>.pem
DecodeBufFromFile: Couldn't read from file - certs/
/<Certificate_Issuer_CN>.pem
process_trusted_cas: get buf from file failed
Cause
Incorrect parsing of the path to the certificate file. Since the SNX client could not read the certificate, it does not trust the certificate presented by the Security Gateway, and the SSL negotiation fails.
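To confirm that a failed connection matches this signature and not some other authentication failure, the snx.elg debug output can be scanned for trusted-CA files that failed to load, together with the path the client tried to read. The script below is an added example, not Check Point tooling: the function names are hypothetical, the sample log is constructed from the excerpt above with placeholder CA names, and it assumes log lines have the "function: message" shape shown there.

```shell
#!/bin/sh
# Added example (not vendor tooling): list trusted-CA files SNX failed to load.
# Output: "<CA file>\t<path the decoder tried>", one per failure.
# Exit status: 0 if at least one failure was found, 1 otherwise.
failed_trusted_cas() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF logs
        # A path may wrap onto the next line (as in the excerpt): re-join it.
        cont && !/^[A-Za-z_]+: / { path = path $0; cont = 0; next }
        { cont = 0 }
        # Remember which CA file is currently being processed.
        /process_trusted_cas: processing file / {
            file = $0; sub(/.*processing file /, "", file); path = ""; next
        }
        # Capture the path the decoder actually attempted to open.
        /DecodeBufFromFile: .* read from file - / {
            path = $0; sub(/.* read from file - /, "", path); cont = 1; next
        }
        # Failure verdict: attribute it to the remembered CA file.
        /process_trusted_cas: get buf from file failed/ && file != "" {
            printf "%s\t%s\n", file, path; found = 1; file = ""
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample log (placeholder CA names), modelled on the excerpt.
write_sample_log() {
    cat > "$1" <<'EOF'
process_trusted_cas: processing TrustedCAs
process_trusted_cas: TrustedCAs dir opened ok
process_trusted_cas: processing file Example_Root_CA.pem
process_trusted_cas: processing file Example_Issuing_CA.pem
DecodeBufFromFile: Couldn't read from file - certs/
/Example_Issuing_CA.pem
process_trusted_cas: get buf from file failed
EOF
}

# Demo run against the constructed sample.
log=$(mktemp) && write_sample_log "$log"
failed_trusted_cas "$log" || echo "no trusted-CA load failures found"
rm -f "$log"
```

A reported path that differs from the real location of the .pem file points to the path-parsing problem described under Cause, not to a missing or unreadable file.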