LostBoY
Advisor

Uploading External Certificate on Checkpoint Gateway

We recently had to replace all the self-signed certs from our devices. I received a cert, root cert and key from DIGICERT.

From openssl I combined the cert and key into a .p12 file and imported it in the FW. However, as I didn't include the root in there, the cert validation is failing in subsequent scans.

Can I combine the root, cert and key files to create a .p12? Will this solve the issue, as it will have the entire chain then?

0 Kudos
6 Replies
the_rock
Legend

Sounds like that can work.

PhoneBoy
Admin

Yes, you need to include all the intermediary CAs in the .p12 file.

0 Kudos
(1)
LostBoY
Advisor

Thanks for the reply. So I need to create a notepad file and copy the cert and root content in there, save it as .crt and then create the .p12 with the new .crt and key file? Do I need to copy the named cert and root cert in a particular order in the .crt file?

0 Kudos
PhoneBoy
Admin

I usually do it from the top-level CA down.

LostBoY
Advisor

OK, I went with named cert to chain and I think it worked, as I was able to convert it to .p12 and import it on the gateways.

0 Kudos
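
An added example, not part of the original thread: one way to build the .p12 with openssl so that it carries the CA certificate as well as the server cert and key, and to check the result before importing it. All keys, certificates, names and the password are throwaway test data constructed in the script; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The PKI below is constructed test data standing in for the
# CA-issued cert, root cert and key mentioned in the thread.
set -eu

# Constructed test PKI: a self-signed root and a server cert signed by it.
make_test_pki() {  # $1 = directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Test Root" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=gw.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -days 1 -CA "$1/root.crt" \
    -CAkey "$1/root.key" -CAcreateserial -out "$1/server.crt" 2>/dev/null
}

# The private key must belong to the server cert: compare public key digests.
key_matches_cert() {  # $1 = cert, $2 = key
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# Bundle server cert + key; the CA certificate(s) go in through -certfile.
build_p12() {  # $1 = cert, $2 = key, $3 = CA chain PEM, $4 = output, $5 = password
  key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
  # Confirm the cert really chains to the supplied CA file before bundling.
  openssl verify -CAfile "$3" "$1" >/dev/null || return 1
  openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
    -out "$4" -passout "pass:$5"
}

# Count the certificates that ended up inside the bundle.
count_p12_certs() {  # $1 = p12, $2 = password
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

demo() {
  d=$(mktemp -d)
  make_test_pki "$d"
  build_p12 "$d/server.crt" "$d/server.key" "$d/root.crt" "$d/gw.p12" 'test-only'
  echo "certificates in bundle: $(count_p12_certs "$d/gw.p12" 'test-only')"
  rm -rf "$d"
}
demo
```

With real files, any intermediate CA certificates would be concatenated into the PEM file passed as the chain argument; a bundle that reports only one certificate is missing its chain.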
JP_Rex
Collaborator

The tool I like most for cert manipulation is XCA:
X - Certificate and Key management (hohnstaedt.de)

It is way easier than using the built-in tools.

And as long as CP is keeping up to date with the latest security patches for OpenSSL and Java, everything is fine.

Regards

Peter

P.S.: Sometimes they don't and you have to use the cpopenssl

0 Kudos
