LDAP users connecting from Check Point Capsule Connect / VPN client cannot authenticate using certificate

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk99035
Technical Level
Product	Mobile Access / SSL VPN, Capsule Connect
Version	R77 (EOL), R77.10 (EOL), R75.40 (EOL), R75.45 (EOL), R75.46 (EOL), R75.47 (EOL), R77.20 (EOL), R77.30 (EOL), R80.10 (EOL)
OS	Android, Gaia, SecurePlatform 2.6, iOS
Date Created	09-Apr-2014
Last Modified	05-Oct-2020

Symptoms

When using the Check Point Capsule Connect / VPN App on Android and iOS devices, users can successfully create a site and authenticate with user/password, but it doesn't work with certificates. Certificate enrollment works, but authentication fails.
In SmartView Tracker there is a log with error message: "unknown user DN".
Note: This also applies to the Windows 8.1 built-in Check Point VPN client.
In some cases:
In SmartViewTracker, following error is seen:
Reject Reason: VPN-1 Authentication Service authentication failure
On the devices, the users receive this error:
Internal Error - [CCC_E_GENERAL]
vpnd.elg shows 15:46:14][CPLOG] CCplogUtils::FillVarArg: str: Certificate authentication is not enabled on the gateway object under the blade's authentication settings

Solution

Note: To view this solution you need to Sign In .