- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Dear all,
I want to replace my Gaia (R80.10) default Certificate with my Internal windows 2012 CA (2-tier PKI).
Would you like to tell me how to do it?
Thanks.
B.R
Alex
mpdaemon pid of the process 5566 so yes it is running at the moment , I guess that now you have to consult with your partner and start to put down an action plan for that request
This should fit your needs , have fun
thanks.
yes, I know this kb.
the question is after I running the command according to
"Show / Hide instructions for Gaia Portal on Security Gateway with enabled Multiportal feature"
[Expert@HostName:0]# [ $(pidof mpdaemon) ] && ps --no-heading -o pid,ppid,cmd --ppid $(pidof mpdaemon)
the out put is not an empty string... it is "5607 5565........." see the pic below
so the correct
Procedure:
Connect with SmartConsole to Security Management Server / Domain Management Server.
Open the Security Gateway / Cluster object.
Go to "Platform Portal" pane.
In the section "Certificate", click on "Import" and choose the certificate.
question: if i don't request CSR, how to create a certificate?
You don't , the ca need to have a csr for signing a certificate.
I never follow the sk to be honest so I can't help on that output but thos should be the pid of the process
the process depends if you are changing the cert on the gw or on the management server. if you are changing the cert on the gw , another question raise , do you have other portals running like Mobile access, captive portal, usercheck, etc.
On the gw, if you have multi portal daemon running you have to do it from smartconsole. if you don't have multi-portal daemon you have to follow the provided Sk.
In order to use the certificate you have to generate a csr. you generate csr from any Linux or windows machine and sent it to the CA to sign it.
Based on your description, you want to change the gaia portal cert with your CA cert. You are mixing 2 things the server certificate and the signing certificate and they are different. Gaia uses server certificate.
thanks. but I don't know if multiportal is enabled. see the pic below.
You can use the command "mpclient list" to see which portals are enabled or you can use the command "cpwd_admin list" to see if the mpdaemon is running or not (in general if you have other portals running like captive portals, mobile access, usercheck page, any other portal not gaia portal then mpdeamon is running). in addition to that if you need to install the certificate through smartconsole you need the certificate in P12 format.
The following sk should work for any portal (Same steps for all portals, you can generate the CSR and the private key from any machine it doesn't have to be the checkpoint device.) when multiportal deamon is running
Thanks
Thanks. Please help me check if the mpdaemon is running or not. (though mobile access is not activated in my environment, but I would like to use it in the future)
in my environment, I have 2 GWs(CP4600, clustered) and 1 smartcenter-1 205.
How to generate certificates for them? (AS clustered GW has a virtual IP, I can access GW via the virtual IPD address)
as I understand, each GW needs to generate a server certificate, smartcenter needs too. but what about the virtual IP ?
B.R
Alex
mpdaemon pid of the process 5566 so yes it is running at the moment , I guess that now you have to consult with your partner and start to put down an action plan for that request
thanks
when generating CSR, I got the following error
below is the setting.
the IP is correct, but ...
If you already have certificate and key you only need to do the last steps:
Backup the current certificate file "server.crt" and certificate key file "server.key" in the "/web/conf/" directory:
[Expert@HostName:0]# cp /web/conf/server.crt /web/conf/server.crt_ORIGINALReplace the current files certificate file "server.crt" and certificate key file "server.key" in the "/web/conf/" directory with the new certificate file and certificate key file:
[Expert@HostName:0]# cp /path_to_new_files/server.crt /web/conf/server.crtVerify that the certificates have changed:
[Expert@HostName:0]# cat /web/conf/server.crtRestart the Gaia Portal process:
[Expert@HostName:0]# tellpm process:httpd2the question is I don't have certificate and key, I need to generate csr
csr syntax is not correct should be like
cpopenssl req -new -out <CERT.CSR> -keyout <KEYFILE.KEY> -config $CPDIR/conf/openssl.cnf
I referred to the kb
How to create and set certificate for Gaia Portal
on the security management gateway, it works, but on the security gateway, it doesn't.
B.R
Alex
solution in this link : https://qostechnology.in/blog/ssl-certificate-on-check-point/
generate csr:
cpopenssl req -new -newkey rsa:2048 -nodes -out fw.csr -keyout fw.key -config $CPDIR/conf/openssl.cnf
Thanks ! It's works.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
31 | |
16 | |
4 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY