This is TikiWiki v1.9.9 -Sirius- © 2002–2007 by the Tiki community Mon 06 of Sep, 2010 [00:37 UTC]
Menu [hide]
Home
Categories
Toggle Wiki
Wiki Home
Last Changes
Rankings
List pages
Orphan pages
Sandbox
Toggle Image Galleries
Galleries
Rankings
Rankings
Toggle File Galleries
List galleries
Tikiwiki Assistant
Thank you for installing Tikiwiki!
Click the :: options in the Menu for more options. Please, also see TikiMovies for more setup details.

Convert Certificates

print
Previous page Parent page Next page TOC
TOC  >  Check Point Certificates  >  Client Certificates  >  Convert Certificates

Convert Certificates


Convert the certificates into a format that can be used by Openswan. Convert the .p12 Check Point certificates to .pem certificates for use by Openswan. Use OpenSSL to convert the certificates.

You should have two directories with each with a dozen or more certificates.

Directory NameFile Name
  \certs\location-a\     soho-user-a.dyndns.info.p12   
  soho-user-b.dyndns.info.p12
  soho-user-c.dyndns.info.p12
  soho-user-d.dyndns.info.p12
  soho-user-e.dyndns.info.p12
  \certs\location-b\  soho-user-a.dyndns.info.p12
  soho-user-b.dyndns.info.p12
  soho-user-c.dyndns.info.p12
  soho-user-d.dyndns.info.p12
  soho-user-e.dyndns.info.p12


  1. Extract the key from the pkcs12 certificate file created with the Check Point ICA Management web site.
    1. openssl pkcs12 –in username.dyndns.info.p12 –nocerts –out username.dyndns.info.key
    2. Enter the certificate password when OpenSSL asks for the password. You will need to enter username123 three times.

  2. Extract the personal certificate from the pkcs12 certificate file.
    1. openssl pkcs12 –in username.dyndns.info.p12 –clcerts –nokeys –out username.dyndns.info.pem
    2. Enter the certificate password when asked for a password.
    3. Use the vi editor to remove the CA certificate from the personal certificate you just created. Delete everything from line 1 “Bag Attributes” up to and including “----END CERTIFICATE----“.
      1. You can enter 23dd in vi to delete the first 23 lines. Make sure you do not delete too much.

You should now have .key private key and .pem public key files that can be used by Openswan on the SOHO VPN Routers.

Directory NameFile Name
  \certs\location-a\     soho-user-a.dyndns.info.p12   
  soho-user-a.dyndns.info.key
  soho-user-a.dyndns.info.pem
  soho-user-b.dyndns.info.p12
  soho-user-b.dyndns.info.key
  soho-user-b.dyndns.info.pem
  soho-user-c.dyndns.info.p12
  soho-user-c.dyndns.info.key
  soho-user-c.dyndns.info.pem
  soho-user-d.dyndns.info.p12
  soho-user-d.dyndns.info.key
  soho-user-d.dyndns.info.pem
  soho-user-e.dyndns.info.p12
  soho-user-e.dyndns.info.key
  soho-user-e.dyndns.info.pem
  \certs\location-b\  soho-user-a.dyndns.info.p12
  soho-user-a.dyndns.info.key
  soho-user-a.dyndns.info.pem
  soho-user-b.dyndns.info.p12
  soho-user-b.dyndns.info.key
  soho-user-b.dyndns.info.pem
  soho-user-c.dyndns.info.p12
  soho-user-c.dyndns.info.key
  soho-user-c.dyndns.info.pem
  soho-user-d.dyndns.info.p12
  soho-user-d.dyndns.info.key
  soho-user-d.dyndns.info.pem
  soho-user-e.dyndns.info.p12
  soho-user-e.dyndns.info.key
  soho-user-e.dyndns.info.pem

Created by: system last modification: Monday 07 of May, 2007 [22:04:19 UTC] by kpalmer

source
history
similar
discuss
Powered by Tikiwiki Powered by PHP Powered by Smarty Powered by ADOdb Made with CSS Powered by RDF powered by The PHP Layers Menu System
RSS Wiki RSS Image Galleries RSS File Galleries RSS Forums
[ Execution time: 0.45 secs ]   [ Memory usage: 7.72MB ]   [ GZIP Disabled ]   [ Server load: 0.00 ]