Last adaptation to the version: 12.5.1
New:
- Support for legacy algorithms can be enabled in the new General tab
notempty
This article refers to a Resellerpreview
-
Display the content of this page at
- UTM/AUTH/Zertifikate (transclusion) (← links)
- UTM/APP/Captive Portal-extern (transclusion) (← links)
- UTM/APP/Captive Portal (transclusion) (← links)
- UTM/AUTH/Zertifikate/Drittanbieter (transclusion) (← links)
- UTM/AUTH/Zertifikate v12.4 (transclusion) (← links)
- UTM/AUTH/Zertifikate-Importformat v11.8 (← links)
- UTM/AUTH/Zertifikate v12.5.1 (transclusion) (← links)
Import format
Import format
Certificates and CAs to be imported into a UTM must be in the format .pem or .p12 (pkcs12).
Certificates can be converted with the tool openssl - available for all common platforms (part of Linux, call via console) - and the following commands:
| Certificate | Command |
|---|---|
| X509 to PEM | openssl x509 -in certificatename.cer -outform PEM -out certificatename.pem |
| DER to PEM | openssl x509 -inform der -in certificate.cer -out certificate.pem |
| P7B to PEM | openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem |
Error message during import
During import, the error message "The certificate format is not supported..." may appear.
Password protected certificates in pkcs12 format (.p12 , .pfx , .pkcs12) in conjunction with older ciphers can trigger this error.
New as of v12.5.1
the option Support legacy cryptographic algorithms On is enabled.
notempty Requires a This will interrupt all connections (incl. VPN connections) to the UTM!
Options for importing certificates:
- Convert certificate to *.pem
Certificates can be converted with the tool openssl - available for all common platforms (part of Linux, call via console) - and the following commands:
openssl pkcs12 -in Zertifikat.pfx -out Zertifikat.pem -nodes
Alternatively with the help of an online service - CLI commands to allow certificate import with obsolete ciphers in the UTM
extc global set variable GLOB_ENABLE_SSL_LEGACY value 1
appmgmt config application "securepoint_firewall"
appmgmt config application "fwserver"
system reboot
notemptyRequires a This will interrupt all connections (incl. VPN connections) to the UTM!
cli> extc global get variable GLOB_ENABLE_SSL_LEGACY variable |value ----------------------+----- GLOB_ENABLE_SSL_LEGACY|0 cli> extc global set variable GLOB_ENABLE_SSL_LEGACY value 1 OK cli> extc global get variable GLOB_ENABLE_SSL_LEGACY variable |value ----------------------+----- GLOB_ENABLE_SSL_LEGACY|1 cli> appmgmt config application "securepoint_firewall" cli> appmgmt config application "fwserver"