Should that not be fwauthd.conf?
Is defaultCert the cert name on your FW1 module?
If so, then all you should need is a rule allowing tcp 950 in from whatever nets are going to authenticate, and then also a client auth rule for whatever services you want.
You'll need to restart the fwd and then it should work.
If not, do a netstat -an | grep 950 to see if it's listening.
If not, there's your problem; if so, try editing your fwauthd.conf so that it's not using ssl, and then see if you can do an http session to it. If so, then it's yer ssl that's going screwy.
uly
----- Original Message -----
Sent: Monday, June 10, 2002 2:18 PM
Subject: [FW-1] HTTPS CLIENT AUTHENTICATION
I'm interested in performing HTTPS Client Authentication.
I have made the following change in my in.ahclientd but it doesn't work:
950 fwssd in.ahclientd wait 950 ssl:defaultCert
(I got this line from Elliot at phoneboy.com)
I have Checkpoint Firewall-1 NG FP2 (without VPN-1), and I can see the default certificate (defaultCert) in the firewall object.
For testing purposes, I have added a rule at the top to accept all services against my firewall, to discard errors about port filtering.
HTTP Client Authentication works normally, but not HTTPS (I tried https://myfirewall:950 after this change and it doesn't work).
Is there any additional action I must take to resolve my problem?
Thanks for all.