https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240030#M46563 <P>Have you verified the .p12 file contains all the relevant information?<BR />It should contain the private key and the entire (public) certificate chain (CA and all intermediates).</P> Thu, 30 Jan 2025 03:26:08 GMT PhoneBoy 2025-01-30T03:26:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/239986#M46549 <P>Hi Everybody</P><P>&nbsp;</P><P>I want to set up the SMTP/TLS configuration with a certificate on our Checkpoint cluster under MTA.</P><P>I have summarized the certificate in a .p12, as this is the file type Checkpoint wants. At least it can only be uploaded as .p12.<BR />I have executed the following command:<BR />openssl pksc12 -export -out cert.p12 -inkey key.pem -in fullchain.pem</P><P>Then the password query appears and I have tried everything. Even with a two-digit password that I have entered correctly, the import always fails with this error message:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="error.png" style="width: 607px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/29481iFE0F13C812178727/image-size/large?v=v2&amp;px=999" role="button" title="error.png" alt="error.png" /></span></P><P><BR />Is there something wrong with the format that I need to be aware of?</P><P>Thanks for your help!<BR />Marius</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Settings.png" style="width: 579px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/29482iAEE7C925E5ECBACB/image-dimensions/579x528?v=v2" width="579" height="528" role="button" title="Settings.png" alt="Settings.png" /></span></P><P>&nbsp;</P> Wed, 29 Jan 2025 15:58:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/239986#M46549 marius_kade 2025-01-29T15:58:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/239990#M46551 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/106376">@marius_kade</a>&nbsp;</P> <P>What is the version? R81.20 take ?</P> <P>Here is an sk:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk123237" target="_blank" rel="noopener">https://support.checkpoint.com/results/sk/sk123237</A></P> <P><EM>"Failed to import outbound certificate. Check that the certificate's format is suitable and that the correct password has been entered"</EM></P> <P>Maybe you are under take 70.</P> <P>Akos</P> <P>&nbsp;</P> Wed, 29 Jan 2025 16:45:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/239990#M46551 AkosBakos 2025-01-29T16:45:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/239995#M46552 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/28415">@AkosBakos</a>&nbsp;,<BR /><BR />thanks for your reply. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR /><BR />We are currently on R81.10 Take 150<BR />But i can see in Take 152 the problem may be solved. I will check if my certificate is using&nbsp;<SPAN>SHA 256 hashing algorithm tomorrow and maybe do an update to Take 152.<BR /></SPAN>I will come back and report.<BR /><BR />Thanks,<BR />Have great day!<BR /><BR /></P> Wed, 29 Jan 2025 17:08:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/239995#M46552 marius_kade 2025-01-29T17:08:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/239996#M46553 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/106376">@marius_kade</a>&nbsp;</P> <P>Great, but I suggest you to consider the upgrade <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Akos</P> Wed, 29 Jan 2025 17:36:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/239996#M46553 AkosBakos 2025-01-29T17:36:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240030#M46563 <P>Have you verified the .p12 file contains all the relevant information?<BR />It should contain the private key and the entire (public) certificate chain (CA and all intermediates).</P> Thu, 30 Jan 2025 03:26:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240030#M46563 PhoneBoy 2025-01-30T03:26:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240057#M46571 <P>Yes, the .p12 contains the certificate, key and fullchain.<BR />Creted with this command:<BR /><SPAN>openssl pksc12 -export -out cert.p12 -inkey key.pem -in fullchain.pem</SPAN></P><P>Inside the fullchain.pem are these certificates in this order:<BR />cert - intermediate1 - intermediate2 - root(CA)<BR /><BR />Thanks!</P> Thu, 30 Jan 2025 10:22:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240057#M46571 marius_kade 2025-01-30T10:22:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240094#M46581 <P>Looks like this may be the issue:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk123237" target="_blank">https://support.checkpoint.com/results/sk/sk123237</A><BR />Upgrade to JHF 152 or above.</P> Thu, 30 Jan 2025 15:06:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240094#M46581 PhoneBoy 2025-01-30T15:06:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240135#M46588 <P>The Certificate is in SHA256.<BR /><BR />I will do the Update to Take 172 and try again after this.<BR /><BR />Thanks for your help! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 31 Jan 2025 11:48:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240135#M46588 marius_kade 2025-01-31T11:48:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240169#M46594 <P>It's all done and worked after the update.<BR />Many thanks and have nice weekend to both of you! <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span></P><P>&nbsp;</P> Fri, 31 Jan 2025 15:29:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Configuration-of-MTA-SMTP-TLS-Connection-Which-Certificate/m-p/240169#M46594 marius_kade 2025-01-31T15:29:36Z