CRL and OCSP for trusted certificates are not checked.
Hi @ThomasW
Can you provide a screenshot of your configuration and a more detailed test procedure to us? (P.S. It would be better if there are screenshots.)
If your ATP device does not validate client certificates that are signed by the root CA, does any error message appear?
Thanks
-
Hi @Zyxel_Jeff
Below is a screenshot of the Object -> Certificate -> "Trusted certifications" screen.
1. I've imported here the Root CA certificate of my private authority center and checked the following option:
2. I've checked "Authenticate Client Certificates" in System -> WWW.
3. I've created a client certificate and signed it with the same Root CA. The certificate is added to the "Personal" directory in the Windows certificate store.
4. I've tested whether it is possible to log in to the ATP. (Pointed the web browser to the external IP address of the ATP device.) The connection is established and it is possible to log in to the ATP.
5. I've revoked the client certificate in the Root CA and published the CRL.
6. I've tested whether access to the ATP is revoked. Unfortunately, the client with the revoked certificate can still log in to the ATP device using a web browser.
Thanks
-
Hi, is there any update on this? I still cannot use the CRL list in the ATP device; any revoked certificate is accepted by the device and users with a revoked certificate can access the device.
-
Hi @ThomasW
Could you provide the device config file to us via private message for further checking? We would like to check the certificate authentication part.
Thanks.
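The test procedure described in this thread can be reproduced offline with the `openssl` CLI to confirm that the CA side (revocation plus published CRL) is correct before looking at the device. This is an added example, not code from any poster or from Zyxel, and it says nothing about how the ATP firmware validates certificates. It assumes `openssl` is installed; the file names, `Lab Root CA` and `client1` are constructed.

```bash
#!/usr/bin/env bash
# Added example: throwaway lab PKI. Every name and path here is constructed.
revocation_demo() {
  local d; d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    mkdir newcerts; : > index.txt; echo 01 > serial
    cat > lab.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = lab
[lab]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
[any]
commonName = supplied
EOF
    # Steps 1 and 3: private root CA, then a client certificate signed by it.
    openssl req -x509 -config lab.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
      -keyout ca.key -out ca.crt -subj "/CN=Lab Root CA" -days 30 2>/dev/null
    openssl req -config lab.cnf -newkey rsa:2048 -nodes \
      -keyout client.key -out client.csr -subj "/CN=client1" 2>/dev/null
    openssl ca -batch -config lab.cnf -in client.csr -out client.crt 2>/dev/null
    # Step 5: revoke the client certificate and publish a fresh CRL.
    openssl ca -config lab.cnf -revoke client.crt 2>/dev/null
    openssl ca -config lab.cnf -gencrl -out ca.crl 2>/dev/null
    # Chain-only validation never looks at the CRL, so the revoked cert passes.
    openssl verify -CAfile ca.crt client.crt >/dev/null 2>&1 \
      && chain=accepted || chain=rejected
    # The same check with the CRL loaded and -crl_check rejects it.
    openssl verify -CAfile ca.crt -CRLfile ca.crl -crl_check client.crt \
      >/dev/null 2>&1 && crl=accepted || crl=rejected
    echo "chain_only=$chain with_crl=$crl"
  )
  local rc=$?; rm -rf "$d"; return "$rc"
}
revocation_demo
```

A validator that trusts the root but is never given the CRL (or is not told to check it) behaves like the first `openssl verify` call, which matches the symptom reported in step 6.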