
VPN Certificate

  • 22-08-2006 11:35am
    #1
    Closed Accounts Posts: 216 ✭✭


    Hi,

    I have a Checkpoint Sofaware firewall and I want to set up a VPN with it. The VPN is from Site to dynamic IP, but I have already solved this issue. The problem I have is that the current VPN Certificate has expired and I have no idea how to create a new one. I am currently using OpenSSL to try to create it, but I am getting nowhere with it.

    I would appreciate any help you can provide,

    Gogul


Comments

  • Registered Users Posts: 218 ✭✭Screaming Monkey


    As with all sofaware/edge box issues, make sure you have the latest firmware.

    But if you want to generate a cert, you can, from a checkpoint firewall management station. The following example will generate a .p12 cert which you can import onto the sofaware.

    vpn export_p12 -obj <network object> -cert <certobj> -file <filename> -passwd <password>

    Where:
    <network object> is the VPN-1 Edge /Safe@ gateway object name.
    <certobj> is the name of the Certificate as it appears in the Safe@ gateway object. The Certificate's name appears in the Certificate List area of the Object Properties.
    <filename> is the name of the file to be created. It must be a *.p12 file.
    <password> is the password used to authenticate and load the *.p12 file.
    Example:
    vpn export_p12 -obj Office_GW -cert defaultCert -file office_cert.p12 -passwd mypassword

    There is more from Checkpoint solution ID: #sk30423

    Otherwise I think you're out of luck, the sofaware/edge doesn't support 3rd party PKCS.12 certs, although maybe in the latest firmware :)


  • Closed Accounts Posts: 216 ✭✭gogul


    I am not trying to generate a Cert from the Sofaware, but rather trying to generate a VPN Cert from third party software (e.g. OpenSSL) that will allow remote Client VPN connections to connect to the firewall. This is something that I had done before, but it was about 3 years ago and I had some help from a Network Administrator. Unfortunately, I don't have that help available and I am somewhat at a loss.


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    This may help, I can see the expiry info being used in cert gen here
    http://www.rajeevnet.com/crypto/ca/ca-paper.html


  • Closed Accounts Posts: 216 ✭✭gogul


    Cheers Nutjob for the info, but thankfully I found a PDF that explained how to generate the exact Certificate I needed. Took me about 2 weeks to find it!!

    gogul
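
For readers with the same expired-certificate problem, the following is an added example and not from any poster in this thread or from Check Point: a generic OpenSSL flow that issues a gateway certificate from a private CA with an explicit lifetime, bundles it as a password-protected .p12, and checks how long the bundled certificate remains valid. The subject names, file names and function names are constructed, and whether a given Safe@/Edge firmware accepts such a bundle is not something the thread establishes.

```shell
# Added example: generic OpenSSL, constructed names; not Check Point tooling.
set -eu

# make_p12 <dir> <days> <password>
# Private CA -> gateway key/CSR -> signed cert -> PKCS#12 bundle in <dir>/gw.p12
make_p12() {
  # Self-signed CA certificate (constructed subject, 10-year lifetime)
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example VPN CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  # Gateway private key and certificate signing request
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn-gw.example.test" \
    -keyout "$1/gw.key" -out "$1/gw.csr" 2>/dev/null
  # The CA signs the request; -days fixes the certificate's notAfter date
  openssl x509 -req -in "$1/gw.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days "$2" -out "$1/gw.crt" 2>/dev/null
  # Bundle key, cert and CA cert; the password is passed via the
  # environment so it does not appear in the process argument list
  P12_PASS="$3" openssl pkcs12 -export -inkey "$1/gw.key" -in "$1/gw.crt" \
    -certfile "$1/ca.crt" -name gateway \
    -passout env:P12_PASS -out "$1/gw.p12"
}

# p12_valid_for <file.p12> <password> <min_days>
# Returns 0 only if the bundle opens with <password> and its own
# certificate is still valid <min_days> from now.
p12_valid_for() {
  P12_PASS="$2" openssl pkcs12 -in "$1" -clcerts -nokeys \
      -passin env:P12_PASS 2>/dev/null \
    | openssl x509 -noout -checkend "$(( $3 * 86400 ))" >/dev/null 2>&1
}

# Usage (constructed values):
#   d=$(mktemp -d); make_p12 "$d" 365 'example-password'
#   p12_valid_for "$d/gw.p12" 'example-password' 30 && echo "ok for 30 days"
```

Running `p12_valid_for` from a scheduled job with a 30-day threshold gives warning before a VPN certificate lapses rather than after.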

