Support Center > Search Results > SecureKnowledge Details
When creating VPN site using Endpoint Security VPN client, a pop-up message shown indicating that site security certificate is not trusted Technical Level
Symptoms
  • When creating a VPN site using 'Check Point Endpoint Security VPN' client a pop-up message is shown indicating that the site security certificate is not trusted.
  • The site does not send 3rd party installed certificates when identifying itself.
Cause

Two possible causes are:

  • The appliance always presents its internal VPN certificate when trying to establish a connection between the client endpoint and the site. The client host does not have this certificate installed.
  • The site certificate has been reinitialized, hence it changed.


Solution

The appliance is acting as designed.

Locally and centrally managed SMB appliances do not support internal certificate administration. Hence, the appliance will always present its own VPN certificate, even if other certificates were installed on it with their trusted CAs.

Note:

You can verify the internal certificate from the WebUI, Device -> Certificates (Internal Certificate). This page shows two certificates: Internal CA Certificate and Internal VPN Certificate. 

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment