https://community.checkpoint.com/t5/SASE-and-Remote-Access/Integrating-with-RSA-SecurID-REST/m-p/177743#M5200 Hello Team, I would like to integrate Checkpoint with RSA SecurID REST authentication, not the SDK implementation, according to this guide <A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Configuring-SecurID-Authentication.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Configuring-SecurID-Authentication.htm</A> I have a question in this field about the certificate in particular:- Edit the $CPDIR/conf/RSARestServer.conf file. Fill in these fields: host - The configured host name of the RSA server. port, client key, and accessid - From the RSA SecurID Authentication API window. certificate - The name of the certificate file. 1- In case the REST API FQDN is based on intermediate and Root Certificate, which format is supported in Checkpoint ? p7b or pem 2- In the Certificate field, shall I put the certificate in the same directory of conf or specify the full path in this configuration file ? Since this was not mentioned in the guide, thanks for anyone to elaborate, I appreciate it. David Sun, 09 Apr 2023 18:58:29 GMT david_stardust 2023-04-09T18:58:29Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Integrating-with-RSA-SecurID-REST/m-p/177743#M5200 Hello Team, I would like to integrate Checkpoint with RSA SecurID REST authentication, not the SDK implementation, according to this guide <A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Configuring-SecurID-Authentication.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topics-SECMG/Configuring-SecurID-Authentication.htm</A> I have a question in this field about the certificate in particular:- Edit the $CPDIR/conf/RSARestServer.conf file. Fill in these fields: host - The configured host name of the RSA server. port, client key, and accessid - From the RSA SecurID Authentication API window. certificate - The name of the certificate file. 1- In case the REST API FQDN is based on intermediate and Root Certificate, which format is supported in Checkpoint ? p7b or pem 2- In the Certificate field, shall I put the certificate in the same directory of conf or specify the full path in this configuration file ? Since this was not mentioned in the guide, thanks for anyone to elaborate, I appreciate it. David Sun, 09 Apr 2023 18:58:29 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Integrating-with-RSA-SecurID-REST/m-p/177743#M5200 david_stardust 2023-04-09T18:58:29Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Integrating-with-RSA-SecurID-REST/m-p/177748#M5201 <P>I figured it out and it needs the certificate in the same directory as&nbsp;<SPAN>$CPDIR/conf/ and also .pem as the extension. Now the last question would be :</SPAN></P><P><SPAN>I have multiple replica servers for RSA Authentication Manager, how can I do the load balancing or try another if one fails? I tried adding comma and ; between the host entries and it never understands it. Do I need to create a separate like this one ?</SPAN></P><P>&nbsp;</P><P><SPAN>(<BR />:host (7sp1.dawoud.com)<BR />:port (5555)<BR />:clientKey (l181du8y9sc236bmk8qdff4763t7sf360oo4i4ywt5wh46769721m66qm272o43d)<BR />:accessId (rmtn51e85ljue2k2d450531kxy8ef78m385785w480rraqe22h0i034i43lw0i63)<BR />:certificate (7sp1RootCA.pem)<BR />)</SPAN></P><P><SPAN>(<BR />:host (7sp1rep.dawoud.com)<BR />:port (5555)<BR />:clientKey (l181du8y9sc236bmk8qdff4763t7sf360oo4i4ywt5wh46769721m66qm272o43d)<BR />:accessId (rmtn51e85ljue2k2d450531kxy8ef78m385785w480rraqe22h0i034i43lw0i63)<BR />:certificate (7sp1RootCA.pem)<BR />)</SPAN></P><P>&nbsp;</P><P><SPAN>or how should it be done ? We can setup an API Gateway to loadbalance but asking if there is a way to add the hostnames for the other RSA Replicas in the same configuration file ?</SPAN></P><P><SPAN>Thanks</SPAN></P><P>&nbsp;</P><P><SPAN>David</SPAN></P> Mon, 10 Apr 2023 00:08:14 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Integrating-with-RSA-SecurID-REST/m-p/177748#M5201 david_stardust 2023-04-10T00:08:14Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Integrating-with-RSA-SecurID-REST/m-p/177749#M5202 <P>I tried space between hostnames and add like above , also tried adding comma, ; , and slashes , tried to have space between hostnames and still it doesn't work, it only works when I put 1 hostname. Can someone please help?</P><P>thanks.</P><P>David</P> Mon, 10 Apr 2023 00:51:06 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Integrating-with-RSA-SecurID-REST/m-p/177749#M5202 david_stardust 2023-04-10T00:51:06Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Integrating-with-RSA-SecurID-REST/m-p/177807#M5203 <P>I suspect we do not allow adding multiple hosts in the relevant configuration.<BR />This should be taken with the TAC and confirmed: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> Mon, 10 Apr 2023 23:18:10 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Integrating-with-RSA-SecurID-REST/m-p/177807#M5203 PhoneBoy 2023-04-10T23:18:10Z