This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
chethan_m
Collaborator
‎2023-04-13 01:47 AM

Import SSL certificate to Checkpoint SmartEndpoint

Hi All,

I need to integrate LDAP over SSL with my Checkpoint SmartEndpoint. I'm trying to import the SSL certificate and facing the following error: "An Error has occurred while importing the certificate. Internal Error.."

The certificate is in .pem format. 

What can be potential cause for this error? How do I solve it?

If it is possible, can I get the commands to import the certificate from CLI expert mode, please?

I've also imported the CA certificate of the LDAP server. No issues with that.

 

*Attached Server Logs*

 

Thank you.

 

Endpoint Management Harmony Endpoint Quantum Security Management 

Endpoint
Endpoint
Management
Management
Harmony
Harmony Endpoint
Harmony Endpoint
Harmony
Quantum Security Management
Quantum Security Management
Quantum
0 Kudos
5 Replies
Swiftyyyy
Advisor
‎2023-04-13 10:21 AM

I suggest you follow the steps outlined in the Harmony Endpoint server administration guide https://sc1.checkpoint.com/documents/R81.10/SmartEndpoint_OLH/EN/Topics-EPSG-R81.10/DirectoryScanner...


The relevant steps will be from step 6. onward at the bottom of the article. You should use the keytool program to establish trust.
To obtain the TLS/SSL certificate from the domain controller I find it easiest to perform the following command on the EP MGMT server in Expert mode.

cpopenssl s_client -connect domain.contoller:636 | cpopenssl x509 > LDAPScert.cer

  

0 Kudos
chethan_m
Collaborator
‎2023-04-14 03:19 AM
In response to Swiftyyyy

Thank you for the guide. 

I followed the same steps as there are in the document from downloading the certificate from DC and importing it to the Endpoint Security Server. But still I'm encountering the same error "SSL certificate is not installed" when I try to integrate the AD server with SmartEndpoint.

 

cpopenssl s_client -connect domain.contoller:636 | cpopenssl x509 > LDAPScert.cer

 

And the above command keeps on running without a output.

0 Kudos
Swiftyyyy
Advisor
‎2023-04-14 03:20 AM
In response to chethan_m

I assume you've corrected the "domain.contoller:636" to the hostname of the domain controller you're binding extracting the SSL certificate from?

0 Kudos
chethan_m
Collaborator
‎2023-04-19 12:12 AM
In response to Swiftyyyy

@Swiftyyyy wrote:

I assume you've corrected the "domain.contoller:636" to the hostname of the domain controller you're binding extracting the SSL certificate from?

Off course yes. I have. 

0 Kudos
Swiftyyyy
Advisor
‎2023-04-20 06:54 AM
In response to chethan_m

Could you try without the redirect at the end? So without writing into a file.

This way you should see the raw output of the certificate being shown. Note that to finish writing the certificate into the file, you would have to press "Enter" at some point to "close" the SSL CONNECT session.

Assuming you just hang without output at this command; I'd suggest verifying your Endpoint server can even reach your directory server over port 636.

cpopenssl s_client -connect domain.controller:636 | cpopenssl x509

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events