https://community.checkpoint.com/t5/Firewall-and-Security-Management/When-renewing-the-https-inspection-cert-can-I-use-a-certificate/m-p/214210#M40885 <P>The HTTPS Inspection certificate is a <STRONG>CA</STRONG> certificate.<BR />This is necessary as certificates are generated and signed&nbsp;<EM>on the fly</EM> based on where users are surfing to.<BR />It is completely unrelated to the ICA of your existing management server; thus any one can be used provided clients can be configured to trust it.</P> Tue, 14 May 2024 17:09:44 GMT PhoneBoy 2024-05-14T17:09:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/When-renewing-the-https-inspection-cert-can-I-use-a-certificate/m-p/214104#M40876 <P>Hi</P><P>&nbsp;</P><P>The client's HTTPS Inspection Cert expires within 6 months.</P><P>So I plan to work on replacing the certificate soon.</P><P>&nbsp;</P><P>But I have a problem.</P><P>As far as I know, if you press the certification renew button at checkpoint, the cert is automatically renewed.</P><P>As a result, there may be cases where the checkpoint gateway has 'new cert' and the client PC has 'old cert'.</P><P>the period for distributing certificates to clients after renewal is too short.</P><P>&nbsp;</P><P>So I would like to distribute the certificate a week to a month in advance.</P><P>I would like to know if there is any problem if I proceed with the process below.</P><P>&nbsp;</P><P>1.&nbsp;Issue https inspection cert from another management server</P><P>2. Distributed to clients about a month ago&nbsp;(GPO)</P><P>3.&nbsp;Import a certificate distributed by another management server to the actual server.</P><P>4.&nbsp;policy install an monitoring</P><P>&nbsp;</P><P>&nbsp;</P><P>What I am most curious about here is whether it is okay to use a certificate issued by another management server.</P><P>I don't think there will be any technical problems, and when referring to the "best parctice", I didn't see any issues.</P><P>&nbsp;</P><P>Are there any problems that may arise when proceeding with step 4 above?</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 14 May 2024 04:42:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/When-renewing-the-https-inspection-cert-can-I-use-a-certificate/m-p/214104#M40876 ChoiYunSoo 2024-05-14T04:42:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/When-renewing-the-https-inspection-cert-can-I-use-a-certificate/m-p/214110#M40877 <P>A Renewed certificate is different from a New cert - I think the existing certificate that is pushed out should still work after the cert is renewed, while you then get that renewed cert pushed out. I've not tested this though so if someone could confirm that would be great.</P> Tue, 14 May 2024 06:17:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/When-renewing-the-https-inspection-cert-can-I-use-a-certificate/m-p/214110#M40877 emmap 2024-05-14T06:17:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/When-renewing-the-https-inspection-cert-can-I-use-a-certificate/m-p/214117#M40880 <P>thank you for your reply</P><P>&nbsp;</P><P>I wrote this because I also needed the opinion of someone who had experienced it accurately.</P><P>The checkpoint guide document is not clearly expressed, so it is difficult to make an accurate judgment.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 14 May 2024 07:26:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/When-renewing-the-https-inspection-cert-can-I-use-a-certificate/m-p/214117#M40880 ChoiYunSoo 2024-05-14T07:26:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/When-renewing-the-https-inspection-cert-can-I-use-a-certificate/m-p/214210#M40885 <P>The HTTPS Inspection certificate is a <STRONG>CA</STRONG> certificate.<BR />This is necessary as certificates are generated and signed&nbsp;<EM>on the fly</EM> based on where users are surfing to.<BR />It is completely unrelated to the ICA of your existing management server; thus any one can be used provided clients can be configured to trust it.</P> Tue, 14 May 2024 17:09:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/When-renewing-the-https-inspection-cert-can-I-use-a-certificate/m-p/214210#M40885 PhoneBoy 2024-05-14T17:09:44Z