This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LostBoY
Advisor
4 weeks ago

Uploading External Certificate on Checkpoint Gateway

we recently had to replace all the self signed certs from out devices. I received a cert, root cert and key from DIGICERT.

from openssl i combined cert and key into a .p12 file and imported in FW. However as i didnt include root in their the cert validation is failing in subsequent scans.

Can i combine root ,cert and key files to create a .p12 ? will this solve the issue as it will have the entire chain then.

 

0 Kudos
6 Replies
the_rock
Legend
Legend
4 weeks ago

Sounds like that can work.

PhoneBoy
Admin
Admin
4 weeks ago

Yes, you need to include all the intermediary CAs in the .p12 file.

0 Kudos
(1)
LostBoY
Advisor
3 weeks ago
In response to PhoneBoy

Thanks for the reply..so i need to create a notepad file and copy the cert and root content in there ..save it as .crt and then create .p12 with the new .crt and key file ? do i need to copy named cert and root cert in a particular order in the .crt file ?

0 Kudos
PhoneBoy
Admin
Admin
3 weeks ago
In response to LostBoY

I usually do it from the top-level CA down.

LostBoY
Advisor
3 weeks ago
In response to PhoneBoy

okk..i went with named cert to chain and i think it worked as i was able to convert it to .012 and import it on the gateways

0 Kudos
JP_Rex
Collaborator
Collaborator
3 weeks ago
In response to LostBoY

The tool I like most for Cert Manupulation XCA
X - Certificate and Key management (hohnstaedt.de)

It is way easier then using the build in tools.

 

And as long as CP is keeping up do Date with the latest security patches for openSSL and Java everything is fine.

 

Regards

Peter

P.S.: Sometimes they don't and you have to use the cpopenssl

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events