https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/111235#M15352 <P>You should be able to do that, yes.</P> Thu, 18 Feb 2021 21:29:36 GMT PhoneBoy 2021-02-18T21:29:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110926#M15267 <P>Hello,&nbsp;</P><P>the Nessus scanner shows vulnerabilities on to the gateways because they use self-signed certificates at the web gaia level.<BR />I want to import certificates signed with our certifications authority, but I am not sure of the impact it will have on the infrastructure, for example at SIC level ...</P><P>Thanks a lot</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 16 Feb 2021 15:41:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110926#M15267 lama 2021-02-16T15:41:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110930#M15269 <P>It is only vulnerability if you do not know who signed those certificates. No actual issue here</P> Tue, 16 Feb 2021 15:53:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110930#M15269 _Val_ 2021-02-16T15:53:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110934#M15271 <P>Thank you for you response&nbsp;</P><P>&nbsp;</P><P>What is the impact if i import certificates signed with our certifications authority on the infrastructure( at SIC level ...)</P> Tue, 16 Feb 2021 16:47:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110934#M15271 lama 2021-02-16T16:47:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110941#M15273 <P>First, you do not want to change SIC certs, neither root, nor those issued. If you try, you will have to re-do all SIC with all GWs, not a good idea.&nbsp;<BR /><BR />If your concern is SSL certs only, identify which exact portals are in need to be changed.&nbsp;</P> Tue, 16 Feb 2021 17:23:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110941#M15273 _Val_ 2021-02-16T17:23:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110955#M15276 <P>Thanks for your rwply.</P><P>&nbsp;</P><P>All what i want to do is changing certs on&nbsp; gaia portal level and really don't want that to impact any other things like sic communication or cluster communication . If there is any doubt about that i will not do any change .</P><P>&nbsp;</P> Tue, 16 Feb 2021 19:44:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110955#M15276 lama 2021-02-16T19:44:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110961#M15278 <P>To change the Gaia portal cert:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk97648" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk97648</A></P> <P>To my knowledge, you cannot change ICA to use a third party CA.<BR />Most portals exposed to users (as well as VPN) can be configured to use a certificate signed by a different CA.</P> Tue, 16 Feb 2021 20:39:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/110961#M15278 PhoneBoy 2021-02-16T20:39:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/111149#M15328 <P>Hello&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;</P><P>&nbsp;</P><P>Thank you very much for you reply,</P><P>I have one more question please, If i changed the Certificate used by platform portal, should i changed it for all other portals , since all portals on the same Security Gateway IP address use the same certificate ( <A href="https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_MobileAccess_AdminGuide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_MobileAccess_AdminGuide/23007" target="_blank">https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_MobileAccess_AdminGuide/html_frameset.htm?topic=documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_MobileAccess_AdminGuide/23007</A> )</P> Thu, 18 Feb 2021 09:32:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/111149#M15328 lama 2021-02-18T09:32:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/111235#M15352 <P>You should be able to do that, yes.</P> Thu, 18 Feb 2021 21:29:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSL-Self-Signed-Certificate-vulnerabily/m-p/111235#M15352 PhoneBoy 2021-02-18T21:29:36Z