This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TonyStark
Participant
‎2022-05-16 10:42 PM

Check Point Endpoint SSL Certificate Change impacts

Hello!

We want to change our Endpoint SSL-Certificate on our management server. We know how to do it but we don't know if there is any kind of impact to the client connections. So will the  clients still be connected to the Endpoint-server or will they lose there connection due to a change of the fingerprint or similar?

0 Kudos
4 Replies
_Val_
Admin
Admin
‎2022-05-16 11:29 PM

Can you elaborate please?

0 Kudos
TonyStark
Participant
‎2022-05-16 11:42 PM
In response to _Val_

We are running a Endpoint-Server with certificates signed by a internal CA. Nessus-scans report that the certificate is self-signed. Now we want to implement a CSR as done here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

The certificate is backed up and it seems to be the right "tutorial" thats what we need. But we also need to know if Clients will stay connected to the Endpoint-Server after implementing this or if they lose connection due to whatever reason there could be

0 Kudos
_Val_
Admin
Admin
‎2022-05-17 01:33 AM
In response to TonyStark

Firstly, you can ignore Nessus results, self-signed here does not present a security risk of any kind. 
Secondly, you will have a wide endpoint impact, they will not be able to reconnect, until each client accepts the new cert, or is fully redeployed.

0 Kudos
ealtun
Explorer
‎2022-05-17 03:59 AM

Hi,

firstly you need to create certificate and import for endpoint client .Than you need to create ssl inspection certificate and import to ssl inspection blade.Thats generel information for ssl inspection.

congratulations

 

0 Kudos