_Daniel_
Contributor

Import P12 Certificate

Hi there,

We're merging an R80.20 into an R80.30 SMS. The number of rules on the R80.20 is low (around 40 rules), so we're doing it via a simple script to create the objects/groups etc., which we don't have any issue with.

The R80.20 is managing a single gateway used for remote access. The certificate used on it is generated by the customer's own CA server (we got a trusted root, subordinate and then the certificate).

We did export it using the command export_p12, though how shall we import it into the R80.30 SMS?

Obviously an import_p12 command doesn't exist; looked around but couldn't find any leads.

Cheers

PS: we could've re-created the certificate on R80.30 from scratch, but we're trying to avoid the fingerprint warning window upon users trying to connect.

0 Kudos
5 Replies
PhoneBoy
Admin

Pretty sure this is done on the relevant gateway object in SmartConsole.
You may also need to create an OPSEC CA object for the relevant CA as well, requiring the public CA key.
0 Kudos
_Daniel_
Contributor

Thanks Dameon,

We managed to import the Root CA and its subordinate with no issue (click on the trusted certificate --> from OPSEC PKI select Save As..., then on the new SMS create a new Root|Subordinate and click on "Get", pointing to the file saved in the previous step).

Though when it comes to the actual certificate (using the Root and Subordinate created above), there isn't a similar approach. Clicking on the gateway properties then IPSec VPN, you only have one choice: to use the "Add" button, which generates a new CSR file to sign the certificate; no import or get from a p12 file!

0 Kudos
PhoneBoy
Admin

Hm... yeah, you're right, there's no obvious option for this.
Let me check with the experts here.
0 Kudos
ritchiet
Explorer

Curious as to whether there was a method discovered which allowed the import of a cert/key pair? I too am stuck facing only the option of generating a new CSR when I want to import.

0 Kudos
RamGuy239
Advisor

I'm pretty sure this is one of the limitations of using custom certificates for remote access / VPN when not using the mobile access blade. If the mobile access blade is in use, you have much better options for adding custom certificates and you should be able to simply import it directly without creating a new CSR.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos
