Afaik, this is not possible using standard means - see Remote Access VPN Administration Guide R80.10 for details. Here we find:
Check Point's Internal Certificate Authority (ICA) offers two ways to create and transfer certificates to remote users:
1. The administrator generates a certificate in the Security Management Server for the remote user, saves it to removable media, and transfers it to the client "out-of-band."
2. The administrator initiates the certificate process on the Security Management Server (or ICA management tool), and is given a registration key. The administrator transfers the registration key to the user "out-of-band." The client establishes an SSL connection to the ICA (using the CMC protocol) and completes the certificate generation process using the registration key. In this way:
• Private keys are generated on the client.
• The created certificate can be stored as a file on the machines hard-drive, on a CAPI storage device, or on a hardware token.
This method is especially suitable for geographically spaced-remote users.
But nothing about a CLI installation method ! I would suggest to ask CP TAC for a solution and update us when it has worked for you .
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist