Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Omer_Kleinstern
Employee
Employee

Check Point integration with Venafi

Hi all,

I am glad to announce that we just accomplished integration with Venafi, this integration enables automated discovery, setup and distribution of keys and certificates for HTTPS Inspection.

Integration App is available in Venafi store

 

How it works?

 

Venafi automates SSL/TLS machine identities used in Check Point inbound HTTPS inspection policies. Certificates are defined as Venafi-synced objects within Check Point and automatically kept in sync with the Venafi Platform.

 

  1. Bulk-provisioning jobs in Venafi allow new machine identities, matching specified policy, to be provided to Check Point automatically on a schedule or on-demand.
  2. Expiring certificates are automatically renewed at the CA, provisioned by Venafi to Check Point and applied in the HTTPS inspection policy.
  3.  Inspection policies are always up-to-date with the most recent version of machine identities, ensuring there are no gaps in SSL/TLS visibility, and encrypted threats are never missed.
 
 

We invite you to try it out, please feel free to contact me for questions or feedback at omerkl@checkpoint.com .

 

Thanks,

Omer

 
3 Replies
Will_H
Contributor

What does this integration do? Can it replace the outgoing SSL inspection certificate for users going from internal to the internet? 

0 Kudos
Omer_Kleinstern
Employee
Employee

Hi,

 

The integration supports certificates for inbound HTTPS traffic inspection.

 

Thanks,

Omer

0 Kudos
rajk
Explorer

Hi Omer,

We are following the below Venafi-Checkpoint integration document to automate the cert installation process on Checkpoint. But we are getting “Handshake exceptions” when we run the job. Wondering if you could help us in this. Below are the steps we have followed,

 

  • Downloaded the powershell script from “https://marketplace.venafi.com/details/check-point-ngfw/” market place
  • Installed the script to “bulk provisioning drivers” folder on Venafi TPP hosts
  • Created a checkpoint user in venafi who has access to install certificates via checkpoint manager
  • Created a Check point device in venafi and configured it to use above checkpoint user for authentication
  • Created a Job in Venafi aperture to use the powershell script to push the certificates to Checkpoint server. But the job runs are failing with below Handshake exceptions.

 

While executing the Bulk Provisioning process named \VED\Policy\test\security cert for checkpoint\checkpoint-bulkjob on \VED\Policy\test\Checkpoint_device\Checkpoint device, the following error occurred: 'Failed to install Certificates with error: The underlying connection was closed: An unexpected error occurred on a send. --> The handshake failed due to an unexpected packet format.'.

Failed to install certificates on \VED\Policy\test\security cert for checkpoint\checkpoint-bulkjob.  Error: The underlying connection was closed: An unexpected error occurred on a send. --> The handshake failed due to an unexpected packet format..  Additional error data    at Venafi.Drivers.AdaptableFramework.PowerShellCommand.Invoke(String driverScript, String pass)

   at Venafi.Drivers.AdaptableFramework.AdaptableDomainDelegate.Invoke(String driverScript, EncryptedCommand command)

   at Venafi.Drivers.AdaptableFramework.AdaptableDomainDelegate.Invoke(String driverScript, EncryptedCommand command)

   at Venafi.Drivers.AdaptableFramework.PowerShellInvoker.Invoke(EncryptedCommand command)

   at Venafi.Drivers.Applications.AdaptableBulk.a(Hashtable A_0, Hashtable A_1)

   at Venafi.Drivers.Applications.AdaptableBulk.BulkProvision(String applicationDN, String deviceDN, List`1 certificates, DeviceProvisioningStatistics statistics, CancellationToken cancellation, Config config, Log log)

0 Kudos