This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
_Daniel_
Contributor
‎2020-05-24 04:40 PM

Import P12 Certificate

Hi there,

We're merging a R80.20 into a R80.30 SMS, the number of rules on the R80.20 is low -around 40 rules- so we're doing it via a simple script to create the objects/groups etc. which we don't have any issue with

The R80.20 is managing a single gateway used for remote access, the certificate used on it, is generated by the customer own CA server (we got a trusted root, subordinate and then the certificate).

We did export it using the command export_p12, though how shall we import it into the R80.30 SMS?

Obviously import_p12 command doesn't exist, looked around but couldn't find any leads

Cheers

Ps: we could've re-created the certificate on R80.30 from scratch, but we're trying to avoid the fingerprint warning window upon users trying to connect.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2020-05-25 12:58 PM

Pretty sure this is done on the relevant gateway object in SmartConsole.
You may also need to create an OPSEC CA object for the relevant CA as well, requiring the public CA key.
0 Kudos
_Daniel_
Contributor
‎2020-05-25 02:33 PM
In response to PhoneBoy

Thanks Dameon,

We managed to import the Root CA and its subordinate with no issue (click on the trusted certificate --> from OPSEC PKI select Save As.., then on the new SMS create a new Root|Subordinate and clicking on "Get", pointing to the file saved in the previous step.

Though when it comes to the actual certificate (using the Root and Subordinate created above), there isn't a similar approach. Clicking on the gateway properties then IPSec VPN, you only have one choice to use the "Add" button which generates a new CSR file to sign the certificate, no import or get from a p12 file!

0 Kudos
PhoneBoy
Admin
Admin
‎2020-05-26 08:33 AM
In response to _Daniel_

Hm... yeah, you're right, there's no obvious option for this.
Let me check with the experts here.
0 Kudos
ritchiet
Explorer
‎2021-07-15 07:51 AM
In response to PhoneBoy

Curious as to whether there was a method discovered which allowed the import of a cert/key pair? I too am stuck facing only the option of generating a new CSR when I want to import.

0 Kudos
RamGuy239
Advisor
Advisor
‎2021-07-16 03:26 AM
In response to ritchiet

I'm pretty sure this is one of the limitations of using custom certificates for remote access / VPN when not using the mobile access blade. If the mobile access blade is in use you have much better options for adding custom certificates and you should be able to simply import it directly without creating a new csr.

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events