https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178035#M6831 <P>I suggest you follow the steps outlined in the Harmony Endpoint server administration guide&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.10/SmartEndpoint_OLH/EN/Topics-EPSG-R81.10/DirectoryScanner.html?Highlight=ad%20scanner" target="_blank">https://sc1.checkpoint.com/documents/R81.10/SmartEndpoint_OLH/EN/Topics-EPSG-R81.10/DirectoryScanner.html?Highlight=ad%20scanner</A></P><P><BR />The relevant steps will be from step 6. onward at the bottom of the article. You should use the keytool program to establish trust.<BR />To obtain the TLS/SSL certificate from the domain controller I find it easiest to perform the following command on the EP MGMT server in Expert mode.</P><LI-CODE lang="markup">cpopenssl s_client -connect domain.contoller:636 | cpopenssl x509 &gt; LDAPScert.cer</LI-CODE><P>&nbsp;&nbsp;</P> Thu, 13 Apr 2023 17:21:16 GMT Swiftyyyy 2023-04-13T17:21:16Z https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178007#M6829 <P>Hi All,</P><P>I need to integrate LDAP over SSL with my Checkpoint SmartEndpoint. I'm trying to import the SSL certificate and facing the following error: <STRONG>"An Error has occurred while importing the certificate. Internal Error.."</STRONG></P><P>The certificate is in .pem format.&nbsp;</P><P>What can be potential cause for this error? How do I solve it?</P><P>If it is possible, can I get the commands to import the certificate from CLI expert mode, please?</P><P>I've also imported the CA certificate of the LDAP server. No issues with that.</P><P>&nbsp;</P><P>*Attached Server Logs*</P><P>&nbsp;</P><P>Thank you.</P><P>&nbsp;</P><P><LI-PRODUCT title="Endpoint" id="Endpoint"></LI-PRODUCT>&nbsp;<LI-PRODUCT title="Management" id="Management"></LI-PRODUCT>&nbsp;<LI-PRODUCT title="Harmony Endpoint" id="sandblast-agent"></LI-PRODUCT>&nbsp;<LI-PRODUCT title="Quantum Security Management" id="r80-40-smart-1-cloud"></LI-PRODUCT>&nbsp;</P> Thu, 13 Apr 2023 08:47:15 GMT https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178007#M6829 chethan_m 2023-04-13T08:47:15Z https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178035#M6831 <P>I suggest you follow the steps outlined in the Harmony Endpoint server administration guide&nbsp;<A href="https://sc1.checkpoint.com/documents/R81.10/SmartEndpoint_OLH/EN/Topics-EPSG-R81.10/DirectoryScanner.html?Highlight=ad%20scanner" target="_blank">https://sc1.checkpoint.com/documents/R81.10/SmartEndpoint_OLH/EN/Topics-EPSG-R81.10/DirectoryScanner.html?Highlight=ad%20scanner</A></P><P><BR />The relevant steps will be from step 6. onward at the bottom of the article. You should use the keytool program to establish trust.<BR />To obtain the TLS/SSL certificate from the domain controller I find it easiest to perform the following command on the EP MGMT server in Expert mode.</P><LI-CODE lang="markup">cpopenssl s_client -connect domain.contoller:636 | cpopenssl x509 &gt; LDAPScert.cer</LI-CODE><P>&nbsp;&nbsp;</P> Thu, 13 Apr 2023 17:21:16 GMT https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178035#M6831 Swiftyyyy 2023-04-13T17:21:16Z https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178076#M6834 <P>Thank you for the guide.&nbsp;</P><P>I followed the same steps as there are in the document from downloading the certificate from DC and importing it to the Endpoint Security Server. But still I'm encountering the same error "SSL certificate is not installed" when I try to integrate the AD server with SmartEndpoint.</P><P>&nbsp;</P><PRE>cpopenssl s_client -connect domain.contoller:636 | cpopenssl x509 &gt; LDAPScert.cer</PRE><P>&nbsp;</P><P>And the above command keeps on running without a output.</P> Fri, 14 Apr 2023 10:19:16 GMT https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178076#M6834 chethan_m 2023-04-14T10:19:16Z https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178077#M6835 <P>I assume you've corrected the "domain.contoller:636" to the hostname of the domain controller you're binding extracting the SSL certificate from?</P> Fri, 14 Apr 2023 10:20:38 GMT https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178077#M6835 Swiftyyyy 2023-04-14T10:20:38Z https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178440#M6853 <BLOCKQUOTE><HR /><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/66534">@Swiftyyyy</a>&nbsp;wrote:<BR /><P>I assume you've corrected the "domain.contoller:636" to the hostname of the domain controller you're binding extracting the SSL certificate from?</P><HR /></BLOCKQUOTE><P>Off course yes. I have.&nbsp;<BR /><BR /></P> Wed, 19 Apr 2023 07:12:21 GMT https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178440#M6853 chethan_m 2023-04-19T07:12:21Z https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178626#M6880 <P>Could you try without the redirect at the end? So without writing into a file.</P><P>This way you should see the raw output of the certificate being shown. Note that to finish writing the certificate into the file, you would have to press "Enter" at some point to "close" the SSL CONNECT session.</P><P>Assuming you just hang without output at this command; I'd suggest verifying your Endpoint server can even reach your directory server over port 636.</P><LI-CODE lang="markup">cpopenssl s_client -connect domain.controller:636 | cpopenssl x509</LI-CODE><P>&nbsp;</P> Thu, 20 Apr 2023 13:54:26 GMT https://community.checkpoint.com/t5/Endpoint/Import-SSL-certificate-to-Checkpoint-SmartEndpoint/m-p/178626#M6880 Swiftyyyy 2023-04-20T13:54:26Z