Hello all,
I'll talk you up to where I am and then where I am having the
problem. I am checkpoint FW1 4.1sp6 also. So, I went through all the
normal steps of getting the cert installed on the firewall and generating
the certificate request, which it does but there is an issue with cut and
paste so I am having to hand type out the cert request and yes it is as
tedious as it sounds. I have copied over the cert after checking it 2-3
times and then I am smacked in the face with this beauty when I try to get
the certificate.
bash-2.03# openssl ca -keyfile CA/CAkey.pem -extensions v3_ca -in
CA/guardian.csr -out guardian.pem -outdir CA/certs
Using configuration from /opt/openssl/openssl.cnf
Enter PEM pass phrase:
unable to load CA certificate
14437:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:663:Expecting: CERTIFICATE
bash-2.03#
Here is what the Certificate request looks like.
bash-2.03# cat CA/guardian.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIBeDCB4gIBADA5MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOUGVhYm9keSBFbmVy
Z3kxETAPBgNVBAMTCGd1YXJkaWFuMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDHzHnufh+Y+GIDIUn52pqrWUiVj3HJIAGPzJikywTp4351QisZpIMsAA8x5+of
fv4tHup1n2awy+tsOCHH8qmNxDP/XT260fhUXbMZOmtq+K++VcFZZs21qYX8ZXXh
qeu8zcQcO6TmCH3ADvhkQVJ6KXHiiOV0wqnojM4gcdjUsQIDAQABoAAwDQYJKoZI
hvcNAQEFBQADgYEAsJ//6Fh8Om6DYWRuG1SM0B8ViuPY4+TeFeC0FCRra+qB8kqO
kaNntGYnR/fUghLr+Zf37s3YIPphfsATQq/oU+cZ+e1BGbZcEoqMITW4TEbZIfII
IKROgUsBiNv58fMwvnQ4PIBQQJImy9J7CVf7c5wbV6r+uZzOTGu7QrbIC9E=
-----END CERTIFICATE REQUEST-----
bash-2.03#
Am I missing something here? I dug through the archives and found that
people were talking about the pem and dur file type difference but, the
files that they said the Request should looks like look exactly like my
file. Any help would be GREATLY appreciated! Thanks
Tighe Schlottog
E-mail Disclaimer -----
The information contained in this e-mail, and in any accompanying documents,
may constitute confidential and/or legally privileged information. The
information is intended only for use by the designated recipient. If you are
not the intended recipient (or responsible for the delivery of the message to the
intended recipient), you are hereby notified that any dissemination,
distribution, copying, or other use of, or taking of any action in reliance on
this e-mail is strictly prohibited. If you have received this email
communication in error, please notify the sender immediately and delete the
message from your system.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
