This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Benjamin_Huss
Participant
‎2018-10-25 01:44 AM

Database Revision - SSL-Inspection Certificate backed up?

Hi there,

I have a question regarding database revision control.

Is there anything else being backed up besides firewall policies when creating a new database version?

A customer needs to install a new certificate for ssl-inspection but does not have a backup of the old certificate (.p12).

Or is there maybe another way to extract the current certificate with the private-key and possible intermediate certificates?

Benjamin

2 Replies
PhoneBoy
Admin
Admin
‎2018-10-25 01:49 PM

I presume the certificate would be part of a database revision, but you're also talking about extracting the certificate.

Which certificate?

  • Outbound inspection: It's a single CA
  • Inbound inspection: A single certificate per server

Either way, I don't believe we provide a mechanism to extract the private key.

0 Kudos
Dor_Marcovitch
Advisor
‎2018-10-25 05:11 PM

Take a backup, neitherway i dont ubderstand the need of backing up the old outbound certificate.

There is no way to export a certificate's private key with checkpoint products.

Just issue a new ca certificate for the ssl inspection and spread it to the organisation.

If the customer already has some ca authority in use within his network you can issue a certificate from the "subordonate certificate authority" template it will be more best practice and you wont need to speard the certificate in orser to use it.