Hey People!
The company I work for provides a VPN connection using a machine authentication method. They have managed Windows machines that can use that feature with no issues. My team is bound to MacOS devices and that feature fails with the following:
Connecting to site…
Policy on gateway has changed…
Detecting Proxy Configuration…
Resolving site name…
Retrieving site information…
Checking if a client update is available…
Connecting to site…
Connection could not be established: Machine certificate is required
I tried the iOS Capsule App and even that manages to connect to the VPN with no issues.
Do I have to configure something on my end to identify my machine? What am I missing?
Not done it yet with MacOS, but…
- Your MacOS has joined the Windows Domain?
- Your Endpoint Version is E84.30 or better?
- You checked your system keychain for a machine certificate?
You can import the machine certificate delivered by your admin team on MacOS with this command:
sudo security import PATH_TO_CERT -P CERT_PASSWORD -k /Library/Keychains/System.keychain -T /Library/Application\ Support/Checkpoint/Endpoint\ Security/Endpoint\ Connect/TracSrvWrapper
Using this command will help you import the certificate and add the Endpoint service to the allowed apps list.
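One way to run the keychain check suggested above and to confirm that the import left a usable identity in the System keychain, as an added example that is not part of the thread and not Check Point tooling. The function names are hypothetical, and the `security find-identity -v` line format is assumed to be the one in the constructed sample comment.

```shell
#!/bin/sh
# Added example: does the System keychain hold a machine identity
# (certificate AND its private key)? A certificate imported without
# its key is not an identity and is not listed by find-identity.
SYSTEM_KEYCHAIN=/Library/Keychains/System.keychain

# Constructed sample of the assumed `security find-identity -v` output:
#   1) 0123456789ABCDEF0123456789ABCDEF01234567 "macbook-01.corp.example"
#      1 valid identities found

# Read find-identity output on stdin, print "SHA1 name" per identity.
parse_identities() {
    sed -n -E 's/^[[:space:]]*[0-9]+\) ([0-9A-F]{40}) "(.*)"[[:space:]]*$/\1 \2/p'
}

# Succeed if an identity name contains $1 (case-insensitive).
# With no argument, succeed if any identity is listed at all.
has_machine_identity() {
    parse_identities | cut -d' ' -f2- | grep -i -q -F -- "${1:-}"
}

# Run the check against the real keychain (macOS only).
check_system_keychain() {
    if ! command -v security >/dev/null 2>&1; then
        echo "security(1) not found: run this on the Mac itself" >&2
        return 2
    fi
    out=$(security find-identity -v "$SYSTEM_KEYCHAIN") || return 2
    if printf '%s\n' "$out" | has_machine_identity "${1:-}"; then
        echo "Identity found in $SYSTEM_KEYCHAIN:"
        printf '%s\n' "$out" | parse_identities
    else
        echo "No valid identity matching '${1:-any}' in $SYSTEM_KEYCHAIN" >&2
        echo "(expired certificates and certificates without a key are skipped)" >&2
        return 1
    fi
}

# Usage on the Mac, assuming the certificate name contains the host name:
#   check_system_keychain "$(hostname -s)"
```

An exit status of 1 means there is nothing the VPN client could present as a machine certificate, even if a certificate is visible in Keychain Access.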
We would usually connect using credentials + OTP, but that broke today and no one could connect. We use the Office365 package with no issues.
Latest available Version.
I have no machine certificate in my Keychain and have not found any information on how to create one.
Joining the Windows Domain should generate one. You know that being in a Windows Domain is a requirement, right?
Makes sense. I tried the Company Portal App to enroll my device, but that did not help either.
It works on iOS with the Capsule app without being in a Windows Domain though.
Capsule Workspace or VPN? Capsule Workspace needs certificates from the Management as a requirement.
For Capsule VPN, it uses different authentication settings - it is seen as Mobile Access, not Endpoint Connect.
Capsule VPN app. Interesting.