I've had it working using an external CA (iPlanet). You have to import the root CA cert (no subordinate CA support - or am I getting that mixed up with 4.1? - had them both working with the NG client), request and import a server cert, and the client cert has to be visible in the CAPI store (use IE 5.5 or 6.0 to check your cert on the client). I actually had it working with a Datakey smart card, as long as the public cert was in the CAPI. I used an LDAP Directory to store the user certificates - I don't know if CP will store them internally.
I have not tried the internal CA. Be warned about using it with MSFT CA and Active Directory. My SE tells me the MSFT CA should work but not well with the Win2K Active Directory. Use an external LDAP DS. Active Directory wants a DNS format DN while the CA certs are X.509. The CP uses the DN in the user's cert to read the user permissions from the LDAP. You can probably work around the default DN formats but it's a lot more complicated (better know your Active Directory and CA management stuff).

Gotta rush out of the office - I'm working on a Cisco/Entrust setup.

Adam

If Arafat can't control the Palestinians, why bother dealing with him? If he can control them and funds them, then what's the difference between him and Bin Laden?

----- Original Message -----
From: "Madhur Nanda" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 07, 2002 1:31 AM
Subject: Checkpoint NG and Securemote

Hi All,

Has anybody successfully tested Checkpoint NG and Securemote client connectivity using IKE as the encryption and certificates as the authentication method? I'm trying but no success so far. Not able to generate certificates for Securemote Users. I wish to first test it with Checkpoint Internal CA... Still not clear how the whole setup would work... like CRL retrieval by the Securemote clients, etc.

Any pointers or info are welcome.

TIA
rgds
Madhur

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
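The DN mismatch described in the reply above can be checked before deployment; the following is an added example, not part of the original thread or any vendor's code. It assumes the gateway looks up the user by the exact subject DN from the certificate (as the reply describes), and all DNs and function names are constructed for illustration.

```python
import re

def parse_dn(dn):
    """Split an RFC 4514 string DN into normalised (type, value) RDNs.
    Simplified: honours backslash-escaped commas, ignores multi-valued (+) RDNs,
    and compares values case-insensitively."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        value = re.sub(r"\\(.)", r"\1", value.strip())   # drop escape backslashes
        rdns.append((attr.strip().upper(), " ".join(value.split()).lower()))
    return rdns

def naming_style(rdns):
    """'dc' for domain-component naming, 'x500' for O=/C= naming."""
    types = {t for t, _ in rdns}
    if "DC" in types:
        return "dc"
    return "x500" if types & {"O", "C"} else "unknown"

def check_lookup(cert_subject, directory_dns):
    """Model a lookup keyed on the certificate subject DN (assumed exact match).
    Returns (matching directory DN or None, reason)."""
    subject = parse_dn(cert_subject)
    for dn in directory_dns:
        if parse_dn(dn) == subject:
            return dn, "exact DN match"
    dir_styles = sorted({naming_style(parse_dn(d)) for d in directory_dns})
    if naming_style(subject) not in dir_styles:
        return None, "naming mismatch: cert is %s, directory is %s" % (
            naming_style(subject), "/".join(dir_styles))
    return None, "no entry with this DN"

# Constructed sample data (not taken from the thread).
CERT_SUBJECT = "CN=Jane Doe, OU=VPN Users, O=Example Corp, C=US"
AD_ENTRIES = ["CN=Jane Doe,CN=Users,DC=example,DC=com"]
LDAP_ENTRIES = ["cn=jane doe,ou=VPN Users,o=Example Corp,c=US"]

if __name__ == "__main__":
    for name, entries in (("Active Directory", AD_ENTRIES), ("external LDAP", LDAP_ENTRIES)):
        print(name, "->", check_lookup(CERT_SUBJECT, entries))
```

Running the check against an export of the directory's user DNs shows whether certificates need to be issued with DC-style subjects or whether a separate LDAP tree mirroring the CA's naming is the simpler route.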
