https://community.checkpoint.com/t5/General-Topics/certificate-for-https-inspection/m-p/23057#M4584 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I did had to setup HTTPS inspection and here is the way I did it.</P><P></P><P>You can use the gaia in expert mode to generate the ssl request with openSSL.</P><P>I would refer you to this article where you will find great information regarding the use of openSSL :</P><P>&nbsp;&nbsp;&nbsp;<A class="link-titled" href="https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl" title="https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl">ssl - How to create a self-signed certificate with openssl? - Stack Overflow</A>&nbsp;</P><P></P><P>You should use at minimum sha256 and&nbsp;&nbsp;RSA2048 for the public key.</P><P>Also, make sure the key is exported when signing the certificate and get the file as a pkcs12 format if possible.</P><P>Make sure&nbsp;the authority is signing the certificate with correct "certificate signing role" becose it will not work.</P><P></P><P>The certificate need to be consider as an intermediate CA.</P><P></P><P>Hope it help.</P></BODY></HTML> Thu, 10 May 2018 19:01:56 GMT Nicolas_Bernier 2018-05-10T19:01:56Z https://community.checkpoint.com/t5/General-Topics/certificate-for-https-inspection/m-p/23056#M4583 <HTML><HEAD></HEAD><BODY><P>Good day! I need to replace SHA-1 certificate on SHA-256 certificate for https-inpection o CheckPoint.&nbsp;Can I manually create the certificate file with SHA-256 algorithm in GaiA for https-inspection? Which type of certificate should&nbsp;I create in Linux that I can use &nbsp;for https-inspection?</P></BODY></HTML> Thu, 10 May 2018 11:50:05 GMT https://community.checkpoint.com/t5/General-Topics/certificate-for-https-inspection/m-p/23056#M4583 Mikhail_Kalita 2018-05-10T11:50:05Z https://community.checkpoint.com/t5/General-Topics/certificate-for-https-inspection/m-p/23057#M4584 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I did had to setup HTTPS inspection and here is the way I did it.</P><P></P><P>You can use the gaia in expert mode to generate the ssl request with openSSL.</P><P>I would refer you to this article where you will find great information regarding the use of openSSL :</P><P>&nbsp;&nbsp;&nbsp;<A class="link-titled" href="https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl" title="https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl">ssl - How to create a self-signed certificate with openssl? - Stack Overflow</A>&nbsp;</P><P></P><P>You should use at minimum sha256 and&nbsp;&nbsp;RSA2048 for the public key.</P><P>Also, make sure the key is exported when signing the certificate and get the file as a pkcs12 format if possible.</P><P>Make sure&nbsp;the authority is signing the certificate with correct "certificate signing role" becose it will not work.</P><P></P><P>The certificate need to be consider as an intermediate CA.</P><P></P><P>Hope it help.</P></BODY></HTML> Thu, 10 May 2018 19:01:56 GMT https://community.checkpoint.com/t5/General-Topics/certificate-for-https-inspection/m-p/23057#M4584 Nicolas_Bernier 2018-05-10T19:01:56Z