itguerreiro
Explorer

Event Forwarding Manager Cloud

Hello, I'm trying to use the "EventForwarding" configuration to send the logs to my SIEM, but I'm having problems with the certificate. I entered my company's .crt and .pem certificates, but at the last step it always complains that the CA is invalid. What could I be doing wrong or what's missing? Thanks!

0 Kudos
9 Replies
_Val_
Admin

Could you please share the actual error and more details about the SIEM in use?

0 Kudos
itguerreiro
Explorer

Hi, thanks for your interaction.

Actually I'm trying to send the logs to my current syslog server, it's not a SIEM. I tried to follow the step by step of the link https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Infinity-Portal-Admin-Guide/C...

But I'm having difficulties in step 3, I tried to insert my company's certificate, but when it goes to CA validate it says it's not valid. It is not very clear in this link the step by step. Could you help me in a more didactic way?

Thanks!!!

0 Kudos
PhoneBoy
Admin

Is your CA key a root or is it a sub-CA signed by a different CA?
In that case, I suspect you will need to include all the intermediate certificates to ensure we can validate the entire trust chain.

0 Kudos
itguerreiro
Explorer

@PhoneBoy thanks!!

Where do I process the request to download client certificate? I have to sue on my third party, like for example GoDaddy, Thawte? Or should I do it on my local machine?

0 Kudos
itguerreiro
Explorer

Here's the image of the error I'm having.

0 Kudos
Lior_Manor
Employee

Hi,

Please send me the details of your Infinity account to liorm@checkpoint.com, and I will have someone take a look and get back to you.

Lior

0 Kudos
PhoneBoy
Admin

We're talking about the CA key, right?
That comes from whoever the Certificate Authority is, which should be able to provide you the public key along with all the intermediate public certificates you need.

0 Kudos
itguerreiro
Explorer

@PhoneBoy

From what we understand with the command below, the "Private Key" of the CA is needed and we don't have it.

We do have the Public Key as you said, but we haven't identified how to get a Private Key from a CA.

Can we run the command in another way?

openssl x509 -req -in PORTAL.CSR -CA CA.PEM -CAkey CAPRIVATEKEY.key -CAcreateserial -out CERTOUT.CRT -days 825 -sha256

0 Kudos
PhoneBoy
Admin

Validation of a Certificate Authority does not require private keys.
However, it does require the public keys of any other CA that has signed your CA certificate.
Refer to the following example from this very website you're interacting with me on 🙂

image.png

To validate any certificate signed by DigiCert TLS RSA SHA256 2020 CA1, you also need the public key of DigiCert Global Root CA.
Unless your CA is a root, then we need all the public CAs in the certificate chain.

0 Kudos
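The point made in the replies above (validating a certificate needs the public certificate of every CA in its chain, and no private key), shown as an added example that is not from the thread or from Check Point. It builds a throwaway root CA, intermediate CA and server certificate with constructed names, deletes the private keys, and then checks three CA bundles with `openssl verify`:

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway root CA -> intermediate CA -> server certificate.
# Every file name and subject name here is made up for the example.

make_chain() {  # $1 = work directory
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  # Root CA: self-signed, so it is its own trust anchor.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 30 -sha256 -out "$d/root.pem" 2>/dev/null
  # Intermediate (sub-CA): signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 30 -sha256 -out "$d/int.pem" 2>/dev/null
  # Server certificate: signed by the intermediate (same command shape as in the thread).
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=syslog.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 30 -sha256 -out "$d/leaf.pem" 2>/dev/null
  cat "$d/int.pem" "$d/root.pem" > "$d/chain.pem"  # full CA bundle: intermediate + root
  rm -f "$d"/*.key                                  # private keys play no part in verification
}

chain_ok() {  # $1 = CA bundle (public certs only), $2 = certificate; status 0 if the chain validates
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {  # $1 = label, $2 = CA bundle, $3 = certificate
  if chain_ok "$2" "$3"; then echo "$1: chain validates"; else echo "$1: validation FAILS"; fi
}

work=$(mktemp -d)
make_chain "$work"
report "intermediate only  " "$work/int.pem"   "$work/leaf.pem"
report "root only          " "$work/root.pem"  "$work/leaf.pem"
report "intermediate + root" "$work/chain.pem" "$work/leaf.pem"
rm -rf "$work"
```

Only the bundle that contains both the intermediate and the root validates; either certificate alone leaves a gap in the chain.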