chethan_m
Collaborator

Import SSL certificate to Checkpoint SmartEndpoint

Hi All,

I need to integrate LDAP over SSL with my Checkpoint SmartEndpoint. I'm trying to import the SSL certificate and facing the following error: "An Error has occurred while importing the certificate. Internal Error.."

The certificate is in .pem format. 

What can be the potential cause for this error? How do I solve it?

If it is possible, can I get the commands to import the certificate from CLI expert mode, please?

I've also imported the CA certificate of the LDAP server. No issues with that.

 

*Attached Server Logs*

 

Thank you.

 

Endpoint Management Harmony Endpoint Quantum Security Management 

0 Kudos
5 Replies
Swiftyyyy
Advisor

I suggest you follow the steps outlined in the Harmony Endpoint server administration guide https://sc1.checkpoint.com/documents/R81.10/SmartEndpoint_OLH/EN/Topics-EPSG-R81.10/DirectoryScanner...


The relevant steps will be from step 6. onward at the bottom of the article. You should use the keytool program to establish trust.
To obtain the TLS/SSL certificate from the domain controller I find it easiest to perform the following command on the EP MGMT server in Expert mode.

cpopenssl s_client -connect domain.contoller:636 | cpopenssl x509 > LDAPScert.cer

  

0 Kudos
chethan_m
Collaborator

Thank you for the guide. 

I followed the same steps as there are in the document from downloading the certificate from DC and importing it to the Endpoint Security Server. But still I'm encountering the same error "SSL certificate is not installed" when I try to integrate the AD server with SmartEndpoint.

 

cpopenssl s_client -connect domain.contoller:636 | cpopenssl x509 > LDAPScert.cer

 

And the above command keeps on running without an output.

0 Kudos
Swiftyyyy
Advisor

I assume you've corrected the "domain.contoller:636" to the hostname of the domain controller you're binding extracting the SSL certificate from?

0 Kudos
chethan_m
Collaborator


@Swiftyyyy wrote:

I assume you've corrected the "domain.contoller:636" to the hostname of the domain controller you're binding extracting the SSL certificate from?


Of course yes. I have.

0 Kudos
Swiftyyyy
Advisor

Could you try without the redirect at the end? So without writing into a file.

This way you should see the raw output of the certificate being shown. Note that to finish writing the certificate into the file, you would have to press "Enter" at some point to "close" the SSL CONNECT session.

Assuming you just hang without output at this command, I'd suggest verifying your Endpoint server can even reach your directory server over port 636.

cpopenssl s_client -connect domain.controller:636 | cpopenssl x509
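
The retrieval step discussed in this thread, as an added example that is not from any poster or from Check Point's documentation: it fetches the LDAPS certificate without waiting on stdin, bounds the wait when port 636 is unreachable, and rejects an empty or malformed output file before it is imported. It assumes `cpopenssl` accepts the standard OpenSSL `s_client` and `x509` options and that coreutils `timeout` is installed; the function names and the host `dc01.example.com` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: cpopenssl takes standard
# OpenSSL options; coreutils `timeout` exists; function names are hypothetical.
OPENSSL_BIN="${OPENSSL_BIN:-cpopenssl}"

# Return 0 only if the file is non-empty and holds exactly one PEM
# certificate block (one BEGIN line and one END line).
is_single_pem_cert() {
    [ -s "$1" ] || return 1
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$1" || true)
    [ "$begins" -eq 1 ] && [ "$ends" -eq 1 ]
}

# fetch_ldaps_cert HOST OUTFILE
fetch_ldaps_cert() {
    host=$1
    out=$2
    # </dev/null hands s_client an immediate EOF on stdin, so it exits after
    # the handshake instead of waiting for input. `timeout` stops the wait
    # when the server cannot be reached on port 636.
    timeout 15 "$OPENSSL_BIN" s_client -connect "$host:636" </dev/null 2>/dev/null \
        | "$OPENSSL_BIN" x509 -outform PEM > "$out"
    if ! is_single_pem_cert "$out"; then
        echo "No certificate received from $host:636; check reachability." >&2
        rm -f "$out"
        return 1
    fi
    # Print the SHA-256 fingerprint so it can be compared out of band with
    # the certificate installed on the domain controller before trusting it.
    "$OPENSSL_BIN" x509 -noout -fingerprint -sha256 -in "$out"
}

# Usage (constructed host name):
#   fetch_ldaps_cert dc01.example.com LDAPScert.cer
```

The fingerprint comparison matters because a certificate pulled over the network is only as trustworthy as the path it travelled; confirm it against the domain controller's own copy before adding it to the keystore.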

 
