Title: FW: HELP with SecureRemote and LDAP CRL retrieval.

I have posted something similar before but I am going to try this again.
I am in need of emergency help!

Let me try to explain what I am trying to do and see if this is even valid!

I have a SecureRemote user that received a certificate from our CA server which is also located outside of our Checkpoint firewall. That CA server that issues those certificates communicates with a server on the inside of our firewall and stores that certificate information in an LDAP server. (This is a mission system and http is not ever allowed through our firewall.) My SecureRemote client is trying to establish a VPN to the Firewall and authenticate using his certificate that was issued by the Netscape CA outside the firewall. Since Netscape's CA is not certified to work with Checkpoint, I am hoping you can use the LDAP server to authenticate the user based on his certificate that he presents to our firewall. I have an LDAP account unit set up and the retrieval of the LDAP server's fingerprints was successful. However, the fingerprint of the LDAP server doesn't match the user's certificate nor the CA's certificate. Is that fingerprint being used for validation or is it a combination of that and the CRL retrieval???

Can this even work? Can a SecureRemote user use a certificate issued by our CA to authenticate at our firewall using SecureRemote and have the firewall check the CRL from the LDAP server? Is my interpretation of what I think LDAP can do for us wrong?

HELP! 

Thanks!
Holly Wales
Lockheed Martin
[EMAIL PROTECTED]
phone: 256-544-4179
fax: 256-544-2401
