This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Olga_Kuts
Advisor
‎2018-03-13 02:40 AM

Endpoint Security VPN client configuration via cli

We have a need of full configuration CheckPoint VPN client via cli (authentication method - CAPI certificate). We did all settings via cli using trac.exe except for certificate import. 

How can we import certificate using cli (in particular using trac.exe)? The option of certificate importing the standard means of the Windows does not suit us.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2018-03-13 04:37 PM

If you're using CAPI, then I presume you should use Microsoft's tools to manage the certificate store.

A quick Google search brought me to: windows - Import Certificate to Trusted Root but not to Personal [Command Line] - Stack Overflow 

0 Kudos
Olga_Kuts
Advisor
‎2018-03-14 01:12 AM
In response to PhoneBoy

When we import a certificate using Microsoft's tools, the VPN connection does not establish. When importing directly through the CheckPoint VPN client - everything works.
Therefore, we are considering the option of importing through the CheckPoint VPN client, but using the command line. Why do we need the command line? We need to automate the process of installing the VPN client and its settings.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-03-14 05:46 AM
In response to Olga_Kuts

Afaik, this is not possible using standard means - see Remote Access VPN Administration Guide R80.10 for details. Here we find:

Check Point's Internal Certificate Authority (ICA) offers two ways to create and transfer certificates to remote users:


1. The administrator generates a certificate in the Security Management Server for the remote user, saves it to removable media, and transfers it to the client "out-of-band."


2. The administrator initiates the certificate process on the Security Management Server (or ICA management tool), and is given a registration key. The administrator transfers the registration key to the user "out-of-band." The client establishes an SSL connection to the ICA (using the CMC protocol) and completes the certificate generation process using the registration key. In this way:
• Private keys are generated on the client.
• The created certificate can be stored as a file on the machines hard-drive, on a CAPI storage device, or on a hardware token.
This method is especially suitable for geographically spaced-remote users.

But nothing about a CLI installation method ! I would suggest to ask CP TAC for a solution and update us when it has worked for you .

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events