cancel
Showing results for 
Search instead for 
Did you mean: 
maitane
Level 7

How to import pkcs12 in MWG 7.2.9.0

Hi everybody,

Does anybody know, how I must do to insert a pkcs12.

There are some procedure?

Thanks in advance.

0 Kudos
17 Replies
McAfee Employee

Re: How to import pkcs12 in MWG 7.2.9.0

I assume you are doing this for the CA? See link below for converting the file to the correct formats.

Web Gateway: How to create and import a Microsoft Subordinate Certificate Authority (Sub CA) for MWG7 - https://kc.mcafee.com/corporate/index?page=content&id=KB75037

Best,

Jon

0 Kudos
maitane
Level 7

Re: How to import pkcs12 in MWG 7.2.9.0

Hi Jon,

Yes I am doing this for the CA. My CA isn´t it for Microsoft, instead of IZENPE, but I think it is the same.

When I am importing into the MWG7 that there are in cluster, give me an error.

CORE: CHost: Engine ´com.scur.engine.proxy´ did not accept configuration with name ´SSL Navegacion HEzkUntz CA´(4 Nodes)

Any idea??

Thanks

0 Kudos
asabban
Level 17

Re: How to import pkcs12 in MWG 7.2.9.0

Hello,

did you convert the PKCS12 files to PEM? MWG cannot read certificates in PKCS12 format.

Best,

Andre

0 Kudos
maitane
Level 7

Re: How to import pkcs12 in MWG 7.2.9.0

Hi,

Yes I convet the PKCS12 in PEM for certificate, key and CA_intermediate.

thanks

0 Kudos
maitane
Level 7

Re: How to import pkcs12 in MWG 7.2.9.0

I think that I know what happend.

The problem is that I have a certifie for a CA intermediate, and when I am making the chain file I have an error.

Could be because I need run the CA, CA intermediate and certificate really??

I am not sure how to do that, but I´ll try it.

Thanks

0 Kudos
McAfee Employee

Re: How to import pkcs12 in MWG 7.2.9.0

I don't quite understand the comment.

In general you need the certificate file in a file of its own. Then you need all of the links in the chain in it's own file.

As a troubleshooting step, I would advise importing just the ca cert and key (without the chain file), to see if it saves. This will help you know if it truley is the chain, or perhaps the key file that needs conversion.

Best,

Jon

0 Kudos
maitane
Level 7

Re: How to import pkcs12 in MWG 7.2.9.0

Hi Jon,

Now I get. The problem is that I don´t have the root CA in the appliance.

When I put the root CA and middle CA I get import my pkcs12 as you said.

Thank you very much.

0 Kudos
maitane
Level 7

Re: How to import pkcs12 in MWG 7.2.9.0

Hello,

I can import a root certificate authority  for signing the certificates the appliance sends to its clients

but When I activate the SSL Scanner, It is like I can not use my root CA instead of the default certificate authority.

I change in the set client context in the enable SSL client context with CA for my root CA. But when I am browsing https page I can see the message about certificate validation

If I disable the "certificate verification rule" everything works fine.

Any ideas how to resolve the issue??

Thanks

0 Kudos
McAfee Employee

Re: How to import pkcs12 in MWG 7.2.9.0

It sounds like you have not imported the certificate and key in to the setting which is actually being used.

Or your browser just doesnt trust the CA you imported.

Disabling certificate verification just disables SSL scanning, so you are just masking the issue.

Best,

Jon

0 Kudos