How to integrate 3rd party Certificate into Checkpoint SSL VPN

For the past few days, I was confused about how to integrate a Thawte certificate into Checkpoint SSL VPN in R75 (this guide also applies to R65). I kept trying, and today I found the solution. Below are the steps to install the Thawte certificate. Before you start, make sure you have completed the following prerequisites:

1. Download the Thawte Premium Root CA from thawte.com

2. Download the Thawte Primary Intermediate CA – also known as the thawte Primary Root CA

3. Download the Thawte Secondary Intermediate CA – also known as the thawte SSL CA

After downloading all of the required files above, follow these steps:

1. Go to the “Servers and OPSEC Applications”

2. On the Trusted CAs, right click then choose “New CAs – Trusted CA”

3. Enter the name of the CA

4. Still on the same menu, click the “OPSEC PKI” tab and tick only “HTTP Servers”

5. Click “Get”, then choose the file you already downloaded, called “Thawte Premium CA”

6. On the Trusted CAs again, right click then choose “New CAs – Subordinate CA”

7. Import both the Thawte Primary and Secondary CAs as Subordinate CAs. Enter any name you like and click the “Get” button on the “OPSEC PKI” tab. After that, choose the file of the Thawte Primary CA

8. Double-click your SSL VPN Gateway and go to IPSec VPN.

9. Under “Repository of Certificates Available to the Gateway”, click “Add”

10. Enter any Certificate Nickname you like.

11. For “CA to enroll from”, choose the Secondary CA, not the Primary one.

12. Then click “Generate” so that the device generates its keys. Also choose the option “Store keys on the Security Management Server”

13. After that, save the CSR file to your local drive.

14. Send that CSR file to Thawte to get it signed.

15. After receiving the signed CSR, go to the same menu (IPSec VPN). Then click “Complete” for the certificate from the step above. Choose the signed CSR, then click OK
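The steps above depend on knowing which downloaded CA file is the self-signed root (the Trusted CA), which are subordinates, and which one actually issues the gateway certificate (the “CA to enroll from”). The script below is an added example, not part of the original post: it assumes the `openssl` CLI is installed and uses constructed test CAs with made-up names in place of the Thawte files.

```shell
#!/bin/sh
# Added example. Every certificate here is a constructed test CA, not a Thawte file.

# dn FIELD FILE: print the subject or issuer DN of a PEM certificate.
dn() { openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'; }

# role_of CERT ALL_CA_CERTS...: print where CERT belongs in the import steps.
#   root         self-signed: import as the Trusted CA
#   intermediate signs another CA in the set: import as a Subordinate CA
#   issuing      signs no other CA: Subordinate CA and the "CA to enroll from"
role_of() {
    cert=$1; shift
    subj=$(dn subject "$cert")
    if [ "$subj" = "$(dn issuer "$cert")" ]; then echo root; return; fi
    for other in "$@"; do
        if [ "$(dn issuer "$other")" = "$subj" ]; then echo intermediate; return; fi
    done
    echo issuing
}

# chain_ok ROOT INTERMEDIATE ISSUING: succeed only if the full chain verifies.
chain_ok() { openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1; }

# make_demo_chain DIR: build constructed root -> primary -> secondary CAs in DIR.
make_demo_chain() {
    d=$1; parent=root
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
    openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -keyout "$d/root.key" -out "$d/root.pem" -subj "/CN=Constructed Root CA" \
        -days 2 2>/dev/null
    for ca in primary secondary; do
        openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
            -keyout "$d/$ca.key" -out "$d/$ca.csr" -subj "/CN=Constructed $ca CA" 2>/dev/null
        openssl x509 -req -in "$d/$ca.csr" -CA "$d/$parent.pem" -CAkey "$d/$parent.key" \
            -CAcreateserial -extfile "$d/ca.cnf" -extensions v3_ca -days 2 \
            -out "$d/$ca.pem" 2>/dev/null
        parent=$ca
    done
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_demo_chain "$demo"
for f in root primary secondary; do
    echo "$f.pem: $(role_of "$demo/$f.pem" "$demo"/*.pem)"
done
chain_ok "$demo/root.pem" "$demo/primary.pem" "$demo/secondary.pem" && echo "chain verifies"
```

With real downloads, pass the CA files to `role_of` and `chain_ok` instead of the demo chain. A failing `chain_ok` usually means an intermediate is missing or the files are not from the same hierarchy.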

I also have the tutorial from Checkpoint on how to install a Verisign certificate on Checkpoint SSL VPN. Click the link below to download it:

Verisign and Checkpoint Firewall


  • Todd

    Thanks! Could you please share the URL with the Thawte CAs?
    For example, in your steps 2 and 3 you mentioned CA names that couldn’t be located under https://www.thawte.com/roots/index.html

  • jaringankita

    Sure, we will add it, or if you want to know more details… you can email us at jaringankita@gmail.com

  • chirg shah

    How do I upload a cert for HTTPS inspection rather than creating a self-signed certificate?
    I have a Go Daddy standard CRT generated for the organisation domain.
    Please help me get through this.
