This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SerDiHer0411
Explorer
‎2023-08-09 03:30 PM

Platform Portal not taking my signed certificate

Greetings mates!!

 

I have a slight problem. 

I have a signed certificate, which has already been imported to my cluster (2 firewalls) in a .p12 format to the Platform Portal section. But when I access the Gaia portal, I still get the "Your connection is not private" error. When checking the certificate, it shows a 192.168.1.1 certificate, which I understand is an auto-signed certificate.

I don't understand why I'm getting this error if the certificate is already imported to the cluster. 

This is a procedure already done in other Gateways, so I don't understand what is happening.

Can you please help me or guide me to a solution please?

Thanks in advance

 

 

Preview file
9 KB
0 Kudos
10 Replies
the_rock
MVP Platinum
MVP Platinum
‎2023-08-09 03:41 PM

Can you send a screenshot of cert on the gateway settings? Please blur out sensitive info.

Andy

Best,
Andy
0 Kudos
SerDiHer0411
Explorer
‎2023-08-09 03:46 PM
In response to the_rock

 Additionally, the certificate is signed by the internal PKI; it has SANs, such as IP addresses of the gateways and the cluster, and DNSs (hostnames of the gateways and cluster, along with the domain)

Certificate Platform Portal.png

0 Kudos
_Val_
Admin
Admin
‎2023-08-10 03:26 AM
In response to SerDiHer0411

It is showing that the certificate does not match the hostname. Are you sure you created it properly? Also, a silly question, did you push policy with these settings yet?

0 Kudos
SerDiHer0411
Explorer
‎2023-08-10 09:04 AM
In response to _Val_

I'm uploading the error message, it shows a NET::ERR_CERT_AUTHORITY_INVALID

Certificate Error.png

 This are the steps followed in the creation of the certificate:

- Generate the CSR, which includes SANs

- Send the CSR and .key file to the PKI to be signed

- After they signed it, and sent it back, convert the .cer file to a .p12  using SSL Shopper's tool, which asks the .key file and a password

- Transfer the certificate to the server, in which the console is hosted

- In Platform Portal, import the certificate, in this step, the password configured in SSL Shopper is typed, after which, the certificate is imported

- Install policy on the firewall cluster

- After which, I access to a web browser, such as Chrome or Firefox, but it's where the error is shown

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-08-10 10:45 AM
In response to SerDiHer0411

Can you send screenshot of the cert itself from smart console?

Andy

Best,
Andy
0 Kudos
SerDiHer0411
Explorer
‎2023-08-10 11:08 AM
In response to the_rock

I'm attaching certificate details as it is imported in the console.

There's a previous screenshot of the certificate in Platform Portal

Preview file
12 KB
Preview file
4 KB
Preview file
2 KB
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-08-10 11:27 AM
In response to SerDiHer0411

Cant open any of them, just says virus scan in progress. Can you message me directly?

Andy

Best,
Andy
0 Kudos
SerDiHer0411
Explorer
‎2023-08-10 11:29 AM
In response to the_rock

Certificate c1.png

Certificate SANs.png

Certificate details.png

   Sorry, let me try that again

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-08-10 12:32 PM
In response to SerDiHer0411

I see it now. If you installed policy after cert is uploaded, no reason why it would not work. Maybe engage TAC to confirm everything, hard to say for me without being able to check it via remote session.

Andy

Best,
Andy
0 Kudos
licenses-ssgs
Explorer
‎2025-01-08 04:32 AM

Were you able to fix this problem, same occurred with me. Certificate replaced on platform portal but not reflecting on Gaia portal.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events