Support Center > Search Results > SecureKnowledge Details
Push Notifications from Mobile Access gateway do not work for all mobile clients due to CRL fetch failures Technical Level
Symptoms
  • Push Notifications from Mobile Access gateway do not work for all mobile clients.

  • $FWDIR/log/pushd_failed_posts file on Mobile Access gateway shows the following error:

    curl : Cloud Certificate failure due to multiple CRL fetch failures, push is now locked for sending
Cause

Gateway is either unable to resolve the CA's CRL distribution point URL or it cannot reach the resolved IP.


Solution

Follow these steps:

    1. Connect to command line on Mobile Access gateway (over SSH, or console).

    2. Log in to Expert mode.

    3. Run the following curl command for each URL below. The result should be 200 OK.
      # curl_cli -kv <URL BELOW> > /dev/null
      # curl_cli -kv https://push.checkpoint.com > /dev/null
      • https://push.checkpoint.com
      • http://crl.godaddy.com/gdig2s2-12.crl
      • http://crl.godaddy.com/gdroot-g2.crl
      • http://crl.godaddy.com/gdroot.crl

Note
    :To use Push Notifications, the Mobile Access gateway must have connectivity to these URLs on ports 443 and 80
  1. If the above connections are active, but $FWDIR/log/pushd_failed_posts file still shows the same error, then run the following command (it allows curl to validate the certificate for 20 seconds, which is required for slow or intermittent connections):

    [Expert@HostName]# cpprod_util CPPROD_SetReserved cpshared libCurl crl_download_timeout 1 20 1

  2. Restart the fwpushd process:

    [Expert@HostName]# killall fwpushd

    Wait for several seconds for the process to be restarted. Try to send push notifications again. If push still does not work, then refer to $FWDIR/log/pushd_failed_posts file.

 


 

Related documentation:

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
Applies To:
  • 01383482

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment