https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-for-gateway-SSL-certificates/m-p/143797#M25131 <P>Gaia portal and Identity Awareness portal are two separate things.</P> <P>For the Gaia (Platform) portal, the number of people accessing it are relatively small and technical in nature.<BR />For that, just using the default self-signed certificate is fine, unless you desire something different.</P> <P>The IDA portal touches a lot of users.<BR />For that, you will want to use a cert signed by a CA the end user browsers trust.<BR />Whether you use the ICA or an external CA...matter of preference, largely.</P> Tue, 15 Mar 2022 20:52:10 GMT PhoneBoy 2022-03-15T20:52:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-for-gateway-SSL-certificates/m-p/143791#M25130 <P>What is the best practice around the SSL certificates for Gaia Portal/Identity Awareness? Should I use the internal CA? our corporate CA? A third way? I can see advantages to either solution.</P> Tue, 15 Mar 2022 19:04:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-for-gateway-SSL-certificates/m-p/143791#M25130 Fraser_Hess 2022-03-15T19:04:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-for-gateway-SSL-certificates/m-p/143797#M25131 <P>Gaia portal and Identity Awareness portal are two separate things.</P> <P>For the Gaia (Platform) portal, the number of people accessing it are relatively small and technical in nature.<BR />For that, just using the default self-signed certificate is fine, unless you desire something different.</P> <P>The IDA portal touches a lot of users.<BR />For that, you will want to use a cert signed by a CA the end user browsers trust.<BR />Whether you use the ICA or an external CA...matter of preference, largely.</P> Tue, 15 Mar 2022 20:52:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-for-gateway-SSL-certificates/m-p/143797#M25131 PhoneBoy 2022-03-15T20:52:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-for-gateway-SSL-certificates/m-p/143962#M25132 <P>Thank you for that advice. Just to let you know, we aren't using the Identity Awareness portal, just the agent.</P><P>And a follow-up question, if I can: if I have installed a corporate CA-issued certificate for Gaia Portal on the gateway object in SmartConsole, how can I switch to an ICA-issued certificate?</P> Wed, 16 Mar 2022 17:14:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Best-practice-for-gateway-SSL-certificates/m-p/143962#M25132 Fraser_Hess 2022-03-16T17:14:23Z