https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70365#M14245 <P>Hi Mates</P><P>&nbsp;</P><P>I need a hand.</P><P>We are currently migrating one of our services (skype for business) from TMG to Check Point. I am using a logical server in order to balance the traffic to our internal servers (3 servers) where the 7 DNS records that serves this application.&nbsp;</P><P>The problem that we are facing is with mobile devices, currently with TMG when a mobile device tries to connects, TMG presents them our certificate issued by Digicert, and everything works fine.</P><P>Now that we are migrating to Check Point, we are facing an issue with the certificate. With Check Point, when a mobile device tries to connect, it is presented with self-signed certificate on the internal servers, and the comunication does not work.</P><P>We requested the certificate that is being used by TMG, and it is a .pfx file.&nbsp;</P><P>Is there any way we can achieve what is being done by TMG.</P><P>&nbsp;</P><P>We are using R80.20.</P><P>&nbsp;</P><P>Thanks in advance</P><P>&nbsp;</P> Fri, 13 Dec 2019 08:13:17 GMT Di_Junior 2019-12-13T08:13:17Z https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70365#M14245 <P>Hi Mates</P><P>&nbsp;</P><P>I need a hand.</P><P>We are currently migrating one of our services (skype for business) from TMG to Check Point. I am using a logical server in order to balance the traffic to our internal servers (3 servers) where the 7 DNS records that serves this application.&nbsp;</P><P>The problem that we are facing is with mobile devices, currently with TMG when a mobile device tries to connects, TMG presents them our certificate issued by Digicert, and everything works fine.</P><P>Now that we are migrating to Check Point, we are facing an issue with the certificate. With Check Point, when a mobile device tries to connect, it is presented with self-signed certificate on the internal servers, and the comunication does not work.</P><P>We requested the certificate that is being used by TMG, and it is a .pfx file.&nbsp;</P><P>Is there any way we can achieve what is being done by TMG.</P><P>&nbsp;</P><P>We are using R80.20.</P><P>&nbsp;</P><P>Thanks in advance</P><P>&nbsp;</P> Fri, 13 Dec 2019 08:13:17 GMT https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70365#M14245 Di_Junior 2019-12-13T08:13:17Z https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70424#M14268 Logical Server objects don't have any specific support for HTTPS.<BR />That said, you might be able to combine this with inbound HTTPS Inspection where you can configure it to present the Digicert certificate.<BR />The gateway will need to be configured to trust the CA (or self-signed cert) for the Internal servers. Fri, 13 Dec 2019 16:53:33 GMT https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70424#M14268 PhoneBoy 2019-12-13T16:53:33Z https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70502#M14284 Hi PhoneBoy<BR /><BR />Thanks for the feedback.<BR /><BR />"That said, you might be able to combine this with inbound HTTPS Inspection where you can configure it to present the Digicert certificate."<BR /><BR />The Digicert certificate is in pfx format, I tried to import it in https inspections but it seems that this pfx is not supported. How can solve this issue?<BR /><BR />Thanks in advance<BR /><BR /> Sun, 15 Dec 2019 06:44:07 GMT https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70502#M14284 Di_Junior 2019-12-15T06:44:07Z https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70523#M14287 You just need to convert the certificate using OpenSSL or some other tool.<BR />A couple suggestions here: <A href="https://stackoverflow.com/questions/6819079/convert-pfx-format-to-p12" target="_blank">https://stackoverflow.com/questions/6819079/convert-pfx-format-to-p12</A> Mon, 16 Dec 2019 02:04:13 GMT https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70523#M14287 PhoneBoy 2019-12-16T02:04:13Z https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70614#M14303 Hi PhoneBoy<BR /><BR />I have successfully convertes the certificate into p12.<BR /><BR />How do I now present the certificates to clientes when they are trying to connect?<BR /><BR />How do I make the gateway to trust this certificate?<BR /><BR />You help is much appreciated.<BR /><BR />Thanks in advance Mon, 16 Dec 2019 22:55:24 GMT https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70614#M14303 Di_Junior 2019-12-16T22:55:24Z https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70615#M14304 You configure Inbound HTTPS Inspection as described in the documentation: <A href="https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_NextGenSecurityGateway_Guide/html_frameset.htm" target="_blank">https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_NextGenSecurityGateway_Guide/html_frameset.htm</A><BR />The certificate you have to configure the gateway to "trust" in this case is the internal CA (or self-signed) certificate(s) the gateway will see when it opens the HTTPS connection to the internal hosts.<BR />This process should also be described in the documentation referenced above.<BR /><BR />Like I originally said, this might work.<BR />I don't know for sure it will. Mon, 16 Dec 2019 23:47:40 GMT https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/70615#M14304 PhoneBoy 2019-12-16T23:47:40Z https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/71842#M14561 Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a><BR /><BR />Thanks for your help.<BR />I tried that, and it did not work. I am still getting the self-signed certificate instead of the Digicert certificate.<BR />I have opened a TAC case and still waiting on their feedback.<BR /><BR />Meanwhile, Has anyone ever implemented skype for business over a Check Point firewall and got it working? how was it implemented? because this is the only service preventing us from migrating all our services to Check Point.<BR /><BR />Thanks in advance Wed, 08 Jan 2020 10:41:29 GMT https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/71842#M14561 Di_Junior 2020-01-08T10:41:29Z https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/71891#M14572 You should start a separate thread about Skype for Business derailing the configuration and specific issues you’re running into.<BR />I do know you probably need to bypass HTTPS Inspection for those servers. Wed, 08 Jan 2020 23:26:58 GMT https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/71891#M14572 PhoneBoy 2020-01-08T23:26:58Z https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/71934#M14582 Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a><BR /><BR />Thanks. I will open another thread.<BR />Regards Thu, 09 Jan 2020 12:56:16 GMT https://community.checkpoint.com/t5/General-Topics/Importing-certificates-in-Check-Point-gateways-for/m-p/71934#M14582 Di_Junior 2020-01-09T12:56:16Z