Support Center > Search Results > SecureKnowledge Details
Mobile Access certificate fingerprint presented on Remote Access client. Technical Level
Symptoms
  • When Mobile Access blade has different certificate then the IPSec blade, during site creation, the fingerprint of the Mobile Access certificate is presented.
  • After making a change in the Mobile Access certificate, a message to trust the new fingerprint is presented for Remote Access users.
Cause

Before the IPSec negotiation between the client and the gateway, there is an SSL handshake between them in order for the negotiation to be transferred over an encrypted link.

The gateway does not "know" that the SSL handshake is only an infrastructure for the IPSec negotiation, and it is treating it as Mobile Access. This is why it is presenting the Mobile Access certificate.


Solution

No fix is required; the system is functioning as designed.

The IPSec certificate (or the one selected for Remote Access clients) will be used during the IKE negotiation, as expected. 

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment