This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LM-Rafael
Collaborator
‎2025-02-24 01:34 PM

How to create a self signed certificate with openssl?

Hello everyone,

I'm trying to create a self-signed certificate using OpenSSL, but I keep running into an issue where the certificate is recognized as invalid.

I followed these steps to create the certificate:

  1. Generating the Private Key

    openssl genrsa -out my_private.key 2048

  2. Creating the Certificate Signing Request (CSR)

    openssl req -new -key my_private.key -out my_request.csr

    I filled in the required details like Common Name (CN), organization, and location.

  3. Creating the Self-Signed Certificate

    openssl x509 -req -in my_request.csr -signkey my_private.key -out my_certificate.crt -days 365 -sha256

  4. Converting to PFX for Import

    openssl pkcs12 -export -out my_certificate.pfx -inkey my_private.key -in my_certificate.crt -passout pass:MySecurePassword

Everything seems to be correct, but when I try to use the certificate, my system or application says it is invalid.

I checked the certificate details with:

openssl x509 -in my_certificate.crt -noout -text

The output seems fine, but it still doesn’t work.

Could the issue be related to a missing CA certificate, incorrect signing, or something else in my OpenSSL setup?

I’d really appreciate any help or advice on what could be causing this. Has anyone else experienced this problem?

Thanks in advance!

Rafael

0 Kudos
8 Replies
Lesley
MVP Gold
MVP Gold
‎2025-02-24 01:50 PM

Maybe it is a stupid comment. But for me it is normal an application / browser will give a warning because it is self-signed. 

And with system you mean a Check Point device? Because I don't see how it is related yet. 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
LM-Rafael
Collaborator
‎2025-02-24 02:04 PM
In response to Lesley

Sry.

I want to upload the self-signed certificate to my 1600 appliance. But i get from the appliance web interface the error message: "Invalid Certificate or Password is Wrong". But the Password is correct!

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-02-24 05:37 PM
In response to LM-Rafael

Maybe wrong cert extension?

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-02-24 05:51 PM
In response to LM-Rafael

Reason @LM-Rafael why I asked last question about extension of the cert is because whenever you try to upload any sort of cert, regardless if its for the fw or anything else, it will always come up with predefined (for the lack of the better word) extension, so say if you see .p12 there, then certificate HAS TO be in that format, nothing else would work.

Hope that helps.

Andy

Best,
Andy
0 Kudos
Lesley
MVP Gold
MVP Gold
‎2025-02-25 12:52 AM
In response to LM-Rafael

I think you have to upload a .p12

Atleast in SmartConsole it is always a .p12. I assume this is locally managed? 

-------
Please press "Accept as Solution" if my post solved it 🙂
the_rock
MVP Platinum
MVP Platinum
‎2025-02-25 04:01 AM
In response to Lesley

I think so too Lesley. Thats the only extension I ever see when trying to upload fw cert.

Andy

Best,
Andy
0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2025-02-25 01:19 AM

Hi @LM-Rafael 

I usually user XCA to handle certificates.

https://hohnstaedt.de/xca/

This is really good tool

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-02-25 02:50 AM

How to get a .p12 certificate can be found in https://support.checkpoint.com/results/sk/sk170395

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events