Solved: Solved: Incorrect password when importing SSL cert...

RickyDan · ‎2022-07-17

I am trying to upload a certificate to the Mobile Access blade (Gateway Properties > Mobile Access > Portal Settings > Import). However, I am always receiving an incorrect password error. I am generating the P12 file using a certificate and private key, both in PEM format, with the following command.

openssl pkcs12 -export -out p12file.p12 -inkey private-key.pem -in wildcard-cert.pem -passin pass:MyPassword -passout pass:MyPassword

Solution: Use openssl version 1.1.1 with the above command. I was using version 3.x.

Jarvis_Lin · ‎2022-07-17

using cpopenssl or openssl version 1.1.1,

if using openssl 3.x that will cause password error

View solution in original post

the_rock · ‎2022-07-17

Let me double check, but I believe command seems correct.

Best,
Andy

Jarvis_Lin · ‎2022-07-17

using cpopenssl or openssl version 1.1.1,

if using openssl 3.x that will cause password error

RickyDan · ‎2022-07-17

So what you're saying is that the CP mgmt server has openssl installed and I should be generating the P12 file on the mgmt server itself?

I assume I have to take the following steps:

Upload certificate file and private key to CP mgmt server.
Use cpopenssl to generate my P12 file.
Import P12 file into Mobile Access blade.

Jarvis_Lin · ‎2022-07-17

mgmt server only has cpopenssl which version is 1.1.1.

your step is correct.

If you want to generate .p12 on third party server, the version of openssl must be 1.1.1 or you get error password is incorrect.

Oliver_Fink · ‎2024-05-14

Thanks for nothing, Check Point. Using pre-historic versions… 😡

I do this veeery rarely and it took me nearly an hour, before I consulted Google. Looked for an error on my side, stupid me. I should have known better… 😤

Aleksandr_Koles · ‎2024-02-15

You can simply add the -legacy option to the command. Tested with OpenSSL 3.0.12 24 Oct 2023.

Emil_T · ‎2024-09-02

This is how it worked for me with windows OS only and without the use of openssl or cpopenssl:

Assuming you already have the certificate with private key in windows certificates store

Export the certificate with private key from windows to this format 'TripleDES-SHA1' (Not 'AES256-SHA256').

This will create a .pfx file.

Rename the file to .p12
Import the .p12 file to CheckPoint

Solved: Incorrect password when importing SSL certificate into Mobile Access blade

Solved: Incorrect password when importing SSL certificate into Mobile Access blade

Are you a member of CheckMates?

Solved: Incorrect password when importing SSL certificate into Mobile Access blade

Solved: Incorrect password when importing SSL certificate into Mobile Access blade