CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Authentication
Reload this Page CP Certificate signing request refused by RSA Keon CA
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2007-11-12
esacpug esacpug is offline
Junior Member
  
Join Date: 2007-11-08
Posts: 2
Rep Power: 0
esacpug has an average reputation (10+)
Default CP Certificate signing request refused by RSA Keon CA
I am trying to configure PKI based authentication by checkpoint firewall (Nokia IPSO NGX R61 HFA_03) with RSA Keon CA. RSA Keon CA refuses to sign the CSR generated on CP firewall because the csr has a public exponent.

Error message:

"This certificate request has been refused because it contains a RSA key with public exponent 3. Please try to submit the request again or contact your administrator for assistance."

If you have a working set-up of such a configuration, can you please let me what should be the CP settings to generate a CSR without a public exponent.

Can anyone please let me know the required settings on the "PKI and
certificate properties" or other related settings?

Many Thanks in Advance,
esacpug
Reply With Quote
  #2 (permalink)  
Old 2007-11-17
JohnMH JohnMH is offline
Member
  
Join Date: 2006-07-15
Posts: 68
Rep Power: 3
JohnMH has an average reputation (10+)
Default Re: CP Certificate signing request refused by RSA Keon CA
That error message for me required a fix from RSA.

It was a problem introduced because RSA was no longer accepting requests with that exponent.. Which Checkpoint was generating them with.

John
Reply With Quote
  #3 (permalink)  
Old 2007-11-17
JohnMH JohnMH is offline
Member
  
Join Date: 2006-07-15
Posts: 68
Rep Power: 3
JohnMH has an average reputation (10+)
Default Re: CP Certificate signing request refused by RSA Keon CA
I think also the later version (R65) from Checkpoint fixed the issue by not generating the request with that exponent. I had a ticket with Checkpoint to fix it. RSAs fix was to add an option to allow you to accept those request types generated with that exponent.

John
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 21:39.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0