Frequently Asked Questions
For a certificate to be available in the "Local Certificate" list, it must be present in the Mac OS X Keychain with its corresponding private key.
You can easily check this in the Keychain Access application: If a certificate is listed under "My Certificates" (and not just "Certificates"), its private key is available and you will be able to select it in VPN Tracker as the "Local Certificate".
Important note for CheckPoint VPN users:
The Mac OS X Keychain Access application currently does not understand how to read private keys from some CheckPoint generated certificates.
To properly import the certificate into the Mac OS X Keychain, first convert it using the openssl command line tool:
- Open a Terminal ("Applications" > "Utilities" > "Terminal")
- Convert the certificate to PEM format:
openssl pkcs12 -in /Users/joe/Desktop/MyCheckPointCert.p12 -out /tmp/out.pem
Replace /Users/joe/Desktop/MyCheckPointCert.p12 with the path to the actual certificate that you want to convert.
You will first be asked for the password that the certificate is encrypted with. If you do not know it, please ask the administrator who has created your certificate for you. You will then be asked twice for the password that will be used to protect the exported PEM file. You can use the same password that the original certificte was encrypted with. Note that no characters will appear on screen while you type in your passwords. Simply type the password and press the return key.
- Convert the PEM file back to PKCS#12 (.p12) format:
openssl pkcs12 -in /tmp/out.pem -export -out ~/Desktop/MyFixedCheckPointCert.p12
Replace /Users/joe/Desktop/MyFixedCheckPointCert.p12 with the path where you want the fixed certificate to be stored.
You will first be asked for the password that you have just used for exporting to the PEM file, and then for a password to protect the fixed .p12 file with. You can again use the same password for everything.
Now double-click your fixed certificate file to import it into the Mac OS X keychain.