Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RickyDan
Contributor
Jump to solution

Solved: Incorrect password when importing SSL certificate into Mobile Access blade

I am trying to upload a certificate to the Mobile Access blade (Gateway Properties > Mobile Access > Portal Settings > Import). However, I am always receiving an incorrect password error. I am generating the P12 file using a certificate and private key, both in PEM format, with the following command.

 

openssl pkcs12 -export -out p12file.p12 -inkey private-key.pem -in wildcard-cert.pem -passin pass:MyPassword -passout pass:MyPassword

 

Solution: Use openssl version 1.1.1 with the above command. I was using version 3.x.

 

1 Solution

Accepted Solutions
Jarvis_Lin
Collaborator

using cpopenssl or openssl version 1.1.1,

if using openssl 3.x that will cause password error

View solution in original post

7 Replies
the_rock
Legend
Legend

Let me double check, but I believe command seems correct.

0 Kudos
Jarvis_Lin
Collaborator

using cpopenssl or openssl version 1.1.1,

if using openssl 3.x that will cause password error

RickyDan
Contributor

So what you're saying is that the CP mgmt server has openssl installed and I should be generating the P12 file on the mgmt server itself?

I assume I have to take the following steps:

  1. Upload certificate file and private key to CP mgmt server.
  2. Use cpopenssl to generate my P12 file.
  3. Import P12 file into Mobile Access blade.
0 Kudos
Jarvis_Lin
Collaborator

mgmt server only has cpopenssl which version is 1.1.1.

your step is correct.

If you want to generate .p12 on third party server, the version of openssl must be 1.1.1 or you get error password is incorrect.

0 Kudos
Oliver_Fink
Advisor
Advisor

Thanks for nothing, Check Point. Using pre-historic versions… 😡

I do this veeery rarely and it took me nearly an hour, before I consulted Google. Looked for an error on my side, stupid me. I should have known better…  😤

0 Kudos
Aleksandr_Koles
Explorer

You can simply add the -legacy option to the command. Tested with OpenSSL 3.0.12 24 Oct 2023.

(2)
Emil_T
Contributor

This is how it worked for me with windows OS only and without the use of openssl or cpopenssl:

Assuming you already have the certificate with private key in windows certificates store

  1. Export the certificate with private key from windows to this format 'TripleDES-SHA1' (Not 'AES256-SHA256').

       This will create a .pfx file.

  1. Rename the file to .p12
  2. Import the .p12 file to CheckPoint
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events