This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pedro_Espindola
Advisor
‎2020-08-17 04:19 PM

Problem adding server certificate for inbound HTTPS Inspection via API

Hey guys,

I am getting errors when adding my server certificate for inbound inspection using the R80.40 API. Here is the output:

{
"code" : "err_server_certificate_operation_failed",
"message" : "Certificate import failed. Make sure the encoded certificate is valid and the password matches that of the certificate."
}

I created a simple shell script to test. Here is what I'm using:

PASS='Ctm2AEhEvYh359+9DJKw4-r7' #Not my real pass, just a random one. Also tried without symbols, no luck
PASSBASE64=$(echo $PASS | base64)

openssl pkcs12 -export -in cert.pem -inkey privkey.pem -certfile fullchain.pem -out server.p12 -passout pass:${PASS}

#I also tried with -certfile chain.pem and without -certfile. No luck

CERTBASE64=$(base64 -w 0 server.p12) # -w 0 to disable line wrapping

curl -k -X POST https://10.0.0.200/web_api/add-server-certificate -H 'Content-Type: application/json' -H "X-chkp-sid: ${SID}" -d "{ \"name\":\"myserver202008\", \"base64-certificate\":\"${CERTBASE64}\",\"base64-password\":\"${PASSBASE64}\" }"
#Not my real IP

 

I did the reverse process to the certificate in the documentation example and it seems to be correct, but when I try to add the certificate to my managemente, I get a different error:

{
"code" : "generic_error",
"message" : "Runtime error: An internal error has occurred."
}

 

Does anybody see what is going wrong?

Is it correct to convert the P12 cert using base64 command or should I encode the file using "openssl base64" command?

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2020-08-18 01:30 AM

To troubleshoot, try adding certificate and password through copy/paste and not as variables/files. If it still not working, might be the password is corrupt when extracted

0 Kudos
Pedro_Espindola
Advisor
‎2020-08-18 03:17 PM
In response to _Val_

Yeah. I tried posting just the text, no variables, same result.

The weird thing is that if I decode password and file I can open it without problems.

0 Kudos
Pedro_Espindola
Advisor
‎2020-11-12 11:50 AM

I had given up on this sometime ago and came back to this issue now.

Found that the issue is with the line end of the echo command:

echo "my_password" | base64
bXlfcGFzc3dvcmQK

echo -n "my_password" | base64
bXlfcGFzc3dvcmQ=    ##This is the correct string as seen in the API example

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events