This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
VarunTP
Participant
‎2024-07-02 07:39 AM
Jump to solution

How to create CSR for the Security Gateway VPN access

We have External firewall Security Gateway with 3 firewalls , and my vpn certificate is getting expire and I have to generate CSR. 

Can anyone help to generate SSL for this security gateway ?  Whether I need to generate from CLI or smartconsole ? since 3 firewalls are in SG .

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-07-03 02:06 PM
Jump to solution

This is generally done in the gateway (cluster) object.
If you specify an external CA, I believe it should offer to generate a CSR.

image.png

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2024-07-03 02:06 PM
Jump to solution

This is generally done in the gateway (cluster) object.
If you specify an external CA, I believe it should offer to generate a CSR.

image.png

0 Kudos
VarunTP
Participant
‎2024-07-04 12:59 AM
In response to PhoneBoy
Jump to solution

Thanks for the response , I tried this but getting error "The direct CA certificate in the received chain doesn't match the CA certificate ". 

I checked this but couldnt resolve . This is also mention the same error 
How to fix "The direct CA certificate in the received chain doesn't match the CA certificate for whi...

lemme check , thanks 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-07-08 07:01 AM
In response to VarunTP
Jump to solution

Have you successfully imported each CA in the chain as suggested by the SK?
If so and you're still having issues, I suggest a TAC case: https://help.checkpoint.com 

0 Kudos
VarunTP
Participant
‎2024-07-08 07:26 AM
In response to PhoneBoy
Jump to solution

yes its worked, Thanks for the help 

0 Kudos
the_rock
Legend
Legend
‎2024-07-03 03:47 PM
Jump to solution

What Phoneboy gave is totally valid, but just wondering, when you say vpn cert is getting expired, you can simply highlight it, hit renew and thats it. It will be valid for another year, unless you do below on mgmt server and then renew the cert, it would be good for 3 years.

Andy

https://support.checkpoint.com/results/sk/sk176527

0 Kudos
VarunTP
Participant
‎2024-07-04 01:00 AM
In response to the_rock
Jump to solution

Renew option wasnt coming for this particular certificate , might be we have signed with Thirdpart CA 

0 Kudos
John_Tomasetti
Participant
‎2024-07-08 08:45 AM
In response to VarunTP
Jump to solution

In general, just follow the steps in sk69660. You can adjust the key length using the command line - if key length is a concern. This sk has worked for me for 10+ years. 

0 Kudos
VarunTP
Participant
‎2024-07-09 12:56 AM
In response to John_Tomasetti
Jump to solution

Thanks , I have done through Smart console but end up with below issue .
How to fix "The direct CA certificate in the received chain doesn't match the CA certif...
Anyway issue resolved 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top