marius_kade
Participant

Configuration of MTA SMTP/TLS Connection | Which Certificate Format

Hi Everybody

 

I want to set up the SMTP/TLS configuration with a certificate on our Checkpoint cluster under MTA.

I have summarized the certificate in a .p12, as this is the file type Checkpoint wants. At least it can only be uploaded as .p12.
I have executed the following command:
openssl pkcs12 -export -out cert.p12 -inkey key.pem -in fullchain.pem

Then the password query appears and I have tried everything. Even with a two-digit password that I have entered correctly, the import always fails with this error message:

error.png


Is there something wrong with the format that I need to be aware of?

Thanks for your help!
Marius

Settings.png

 

0 Kudos
6 Replies
AkosBakos
Leader

Hi @marius_kade 

What is the version? R81.20 take ?

Here is an sk: https://support.checkpoint.com/results/sk/sk123237

"Failed to import outbound certificate. Check that the certificate's format is suitable and that the correct password has been entered"

Maybe you are under take 70.

Akos

 

----------------
\m/_(>_<)_\m/
(1)
marius_kade
Participant

Hi @AkosBakos ,

thanks for your reply. 🙂

We are currently on R81.10 Take 150
But I can see in Take 152 the problem may be solved. I will check if my certificate is using SHA 256 hashing algorithm tomorrow and maybe do an update to Take 152.
I will come back and report.

Thanks,
Have a great day!

0 Kudos
AkosBakos
Leader

Hi @marius_kade 

Great, but I suggest you consider the upgrade 🙂

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
PhoneBoy
Admin

Have you verified the .p12 file contains all the relevant information?
It should contain the private key and the entire (public) certificate chain (CA and all intermediates).

marius_kade
Participant

Yes, the .p12 contains the certificate, key and fullchain.
Created with this command:
openssl pkcs12 -export -out cert.p12 -inkey key.pem -in fullchain.pem

Inside the fullchain.pem are these certificates in this order:
cert - intermediate1 - intermediate2 - root(CA)

Thanks!

0 Kudos
PhoneBoy
Admin

Looks like this may be the issue: https://support.checkpoint.com/results/sk/sk123237
Upgrade to JHF 152 or above.

0 Kudos
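
Added example, not part of any post in this thread: a shell check of the two things discussed above, whether the .p12 holds the private key plus the whole chain and which signature hash the leaf certificate uses. The demo root and leaf, their subject names, the file names and the password are constructed for illustration; `p12_summary` and `make_demo_p12` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. Demo names, files and password are constructed.

# Print "keys=N certs=N sigalg=ALG" for a PKCS#12 file.
# Returns non-zero if the file cannot be opened with the given password.
# Note: "pass:" shows the password in the process list; -passin env:VAR avoids that.
p12_summary() {
    p12=$1 pw=$2
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -noout 2>/dev/null || return 1
    keys=$(openssl pkcs12 -in "$p12" -passin "pass:$pw" -nocerts -nodes 2>/dev/null |
           grep -c 'BEGIN.*PRIVATE KEY' || true)
    certs=$(openssl pkcs12 -in "$p12" -passin "pass:$pw" -nokeys 2>/dev/null |
            grep -c 'BEGIN CERTIFICATE' || true)
    # -clcerts keeps only the certificate that matches the private key (the leaf).
    sigalg=$(openssl pkcs12 -in "$p12" -passin "pass:$pw" -clcerts -nokeys 2>/dev/null |
             openssl x509 -noout -text 2>/dev/null |
             sed -n 's/.*Signature Algorithm: //p' | head -n 1)
    echo "keys=$keys certs=$certs sigalg=$sigalg"
}

# Build a constructed demo root and leaf, then export them with the thread's command.
make_demo_p12() {
    d=$1 pw=$2
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 -subj "/CN=Demo Root" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mta.example.test" \
        -keyout "$d/key.pem" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 1 -in "$d/leaf.csr" -CA "$d/ca.pem" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/leaf.pem" 2>/dev/null
    # Same order as in the thread: leaf first, then the issuing certificates.
    cat "$d/leaf.pem" "$d/ca.pem" > "$d/fullchain.pem"
    openssl pkcs12 -export -out "$d/cert.p12" -inkey "$d/key.pem" \
        -in "$d/fullchain.pem" -passout "pass:$pw"
}

# Demo run on the constructed bundle.
demo_dir=$(mktemp -d)
make_demo_p12 "$demo_dir" 'Demo-Pass-1' && p12_summary "$demo_dir/cert.p12" 'Demo-Pass-1'
rm -rf "$demo_dir"
```

For a real bundle, `keys` should be 1, `certs` should equal the number of certificates in fullchain.pem, and `sigalg` shows the hash to compare against what the sk requires.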
