Cooperative Enforcement with E80.30 failed to create a P12 Certificate



ali.syed
2012-03-13, 13:56
I am trying to create a P12 on my Security Management Server for the Endpoint Security Server Version E80.30 for Cooperative Enforcement. I keep getting the error below if I use the DN of my Endpoint Security Server Version E80.30, but if I change the DN then I am able to create the P12 certificate, but then the SIC between the Security Management Server and the Endpoint Security Server Version E80.30 fails.

DN=cn=cp_mgmt,o=INT102T.corp.int.vnf68e

Security Management Server (R71.20)
[Expert@fwm102s]# cpca_client create_cert -n "cn=cp_mgmt,o=INT102T.corp.int.vnf68e" -f int102tmar92012.p12 -w password
Could not get cert buf len
Error. rc=0 err=-99 Internal error in Certificate Authority

Shows certificate created successfully after modifying the DN name

[Expert@fwm102s]# cpca_client create_cert -n "cn=cp_mgmt,o=INT102T.corp.int." -f int102tmar92012.p12 -w password
Certificate was created successfully

[Expert@fwm102s]# fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) R71.40 - Build 084
[Expert@fwm102s]#

Endpoint Security Management Server (E80.30)
Below is the syntax for creating a P12 Certificate on the Security Management Server

To create the certificate:
1. On the R71 or higher Security Management server, run:

cpca_client create_cert -n "cn=" -f <name of output file.p12> -w <password>
Where:
• cn value must be the sic_name of the Endpoint Security Management server. Get this from the Endpoint Security Management Console:
(i) Select Manage > General Properties.
(ii) On the Endpoint Policy Servers page, select the server object and click Edit.
(iii) Copy the value in the DN field.
• <password> is any password
• <name of output file> is the name of the output file, for example, output.p12