This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
itguerreiro
Explorer
‎2022-09-26 11:13 AM

Event Forwarding Manager Cloud

Hello, I'm trying to use the "EventForwarding" configuration to send the logs to my siem, but I'm having problems with the certificate. I entered my company's .crt and .pem certificates, but last step it always complains that the CA is invalid. What could I be doing wrong or what's missing? Thanks!

0 Kudos
9 Replies
_Val_
Admin
Admin
‎2022-09-27 12:17 AM

Could you please share the actual error and more details about the SIEM in use?

0 Kudos
itguerreiro
Explorer
‎2022-09-27 05:17 AM
In response to _Val_

Hi , Thanks for your interaction.

Actually I'm trying to send the logs to my current syslog server, it's not a siem. I tried to follow the step by step of the link https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Infinity-Portal-Admin-Guide/C...

But I'm having difficulties in step 3, I tried to insert my company's certificate, but when it goes to CA validate it says it's not valid. It is not very clear in this link the step by step. Could you help me in a more didactic way?

 

Thanks!!!

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-09-27 10:48 AM
In response to itguerreiro

Is your CA key a root or is it a sub-CA signed by a different CA?
In that case, I suspect you will need to include all the intermediate certificates to ensure we can validate the entire trust chain.

0 Kudos
itguerreiro
Explorer
‎2022-09-27 10:55 AM
In response to PhoneBoy

@PhoneBoy thanks!!

Where do I process the request to download client certificate? I have to sue on my third party. like for example godday, thawte? Or should I do it on my local machine?

0 Kudos
itguerreiro
Explorer
‎2022-09-27 10:59 AM
In response to itguerreiro

Here's the image of the error I'm having.

Preview file
13 KB
0 Kudos
Lior_Manor
Employee
Employee
‎2022-09-27 12:09 PM
In response to itguerreiro

Hi,

Please send me the details of you Infinity account to liorm@checkpoint.com, and I will have someone take a look and get back to you.

Lior

0 Kudos
PhoneBoy
Admin
Admin
‎2022-09-27 02:16 PM
In response to itguerreiro

We're talking about the CA key, right?
That comes from whoever the Certificate Authority is, which should be able to provide you the public key along with all the intermediate public certificates you need.

0 Kudos
itguerreiro
Explorer
‎2022-09-28 08:36 AM
In response to PhoneBoy

@PhoneBoy 

 

From what we understand with the command below, the "Private Key" of the CA is needed and we don't have it.

We do have the Public Key as you said, but we haven't identified how to get a Private Key from a CA.

Can we run the command in another way?

openssl x509 -req -in PORTAL.CSR -CA CA.PEM -CAkey CAPRIVATEKEY.key -CAcreateserial -out CERTOUT.CRT -days 825 -sha256

0 Kudos
PhoneBoy
Admin
Admin
‎2022-09-29 07:35 AM
In response to itguerreiro

Validation of a Certificate Authority does not require private keys.
However, it does require the public keys of any other CA that has signed your CA certificate.
Refer to the following example from this very website you're interacting with me on 🙂

image.png

To validate any certificate signed by DigiCert TLS RSA SHA256 2020 CA1, you also need the public key of DigiCert Global Root CA.
Unless your CA is a root, then we need all the public CAs in the certificate chain.

0 Kudos
Upcoming Events

    CheckMates Events