https://community.checkpoint.com/t5/SASE-and-Remote-Access/Steps-for-using-Third-party-CA-for-IPSEC-Remote-access-VPN/m-p/85117#M10431 <P>Hi Guys</P><P>Need your support !</P><P>i need to use third party CA in Remote access VPN.</P><P>The remote Access vpn is already configured and working, but now we want to use Certificate along with username and password authentication for users connecting via endpoint security client.</P><P>The user database resides on AD Ldap,&nbsp;</P><P>i need steps by step process (from creating CA, CSR , and importing) how to get this working,&nbsp;</P><OL class="lia-list-style-type-lower-alpha"><LI>how to ADD the trusted Ca on Dashboard, whether we have to create root CA or sub-CA from openssl&nbsp; ?</LI><LI>&nbsp;Or directly create CSR from firewall itself at first by "<STRONG>cpopenssl req -new -out &lt;CERT.CSR&gt; -keyout &lt;KEYFILE.KEY&gt; -config $CPDIR/conf/openssl.cnf"&nbsp; &nbsp;?&nbsp; and send CSR to CA to sign ?</STRONG></LI><LI><STRONG>Users are on AD using LDAP account unit, for this do i have create a "user template " and enable Encryotion&gt;enable IKE private key .</STRONG></LI></OL><P><STRONG>is anyone done this requirement and created a document for reference.</STRONG></P><P><STRONG>Any help would be appreciated.</STRONG></P><P>&nbsp;</P><P><STRONG>Thanks</STRONG></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 13 May 2020 22:22:44 GMT vivekumar1988 2020-05-13T22:22:44Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Steps-for-using-Third-party-CA-for-IPSEC-Remote-access-VPN/m-p/85117#M10431 <P>Hi Guys</P><P>Need your support !</P><P>i need to use third party CA in Remote access VPN.</P><P>The remote Access vpn is already configured and working, but now we want to use Certificate along with username and password authentication for users connecting via endpoint security client.</P><P>The user database resides on AD Ldap,&nbsp;</P><P>i need steps by step process (from creating CA, CSR , and importing) how to get this working,&nbsp;</P><OL class="lia-list-style-type-lower-alpha"><LI>how to ADD the trusted Ca on Dashboard, whether we have to create root CA or sub-CA from openssl&nbsp; ?</LI><LI>&nbsp;Or directly create CSR from firewall itself at first by "<STRONG>cpopenssl req -new -out &lt;CERT.CSR&gt; -keyout &lt;KEYFILE.KEY&gt; -config $CPDIR/conf/openssl.cnf"&nbsp; &nbsp;?&nbsp; and send CSR to CA to sign ?</STRONG></LI><LI><STRONG>Users are on AD using LDAP account unit, for this do i have create a "user template " and enable Encryotion&gt;enable IKE private key .</STRONG></LI></OL><P><STRONG>is anyone done this requirement and created a document for reference.</STRONG></P><P><STRONG>Any help would be appreciated.</STRONG></P><P>&nbsp;</P><P><STRONG>Thanks</STRONG></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 13 May 2020 22:22:44 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Steps-for-using-Third-party-CA-for-IPSEC-Remote-access-VPN/m-p/85117#M10431 vivekumar1988 2020-05-13T22:22:44Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Steps-for-using-Third-party-CA-for-IPSEC-Remote-access-VPN/m-p/85323#M10432 Multiple authentication schemes is described here: <BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86240" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86240</A><BR />For a third party CA, you have to create an OPSEC CA object, import the public key, and set the gateway to authenticate VPN access via this CA.<BR />It's described in the Remote Access VPN docs: <A href="https://sc1.checkpoint.com/documents/R80.10_andhigher/WebAdminGuides/EN/CP_RemoteAccessVPN_AdminGuide/html_frameset.htm" target="_blank">https://sc1.checkpoint.com/documents/R80.10_andhigher/WebAdminGuides/EN/CP_RemoteAccessVPN_AdminGuide/html_frameset.htm</A> Thu, 14 May 2020 18:20:44 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Steps-for-using-Third-party-CA-for-IPSEC-Remote-access-VPN/m-p/85323#M10432 PhoneBoy 2020-05-14T18:20:44Z