VarunTP
Participant

How to create CSR for the Security Gateway VPN access

We have an external firewall Security Gateway with 3 firewalls, and my VPN certificate is about to expire, so I have to generate a CSR.

Can anyone help generate SSL for this security gateway? Do I need to generate it from the CLI or SmartConsole, since 3 firewalls are in the SG?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

This is generally done in the gateway (cluster) object.
If you specify an external CA, I believe it should offer to generate a CSR.


0 Kudos
8 Replies
VarunTP
Participant

Thanks for the response. I tried this but am getting the error "The direct CA certificate in the received chain doesn't match the CA certificate".

I checked this but couldn't resolve it. This also mentions the same error:
How to fix "The direct CA certificate in the received chain doesn't match the CA certificate for whi...

Lemme check, thanks.

0 Kudos
PhoneBoy
Admin

Have you successfully imported each CA in the chain as suggested by the SK?
If so and you're still having issues, I suggest a TAC case: https://help.checkpoint.com 

0 Kudos
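
The mismatch discussed in this exchange can be checked offline before importing anything; the following is an added example, not part of any post or of Check Point's documentation. It uses the OpenSSL command line to test whether a given CA certificate is the direct issuer of a signed certificate, assuming the error means what its text says. The file names, the `direct_ca_matches` and `make_demo_chain` helpers, and the three-certificate demo chain are constructed for illustration.

```shell
#!/bin/sh
# Added example; every certificate below is constructed for the demo.

# direct_ca_matches CA.pem CERT.pem
# Succeeds only if CA.pem is the DIRECT issuer of CERT.pem: the issuer name
# must equal the CA's subject name, and the signature must verify against
# that single CA (-partial_chain: no path up to a root is required).
direct_ca_matches() {
    [ "$(openssl x509 -in "$2" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$1" -noout -subject_hash)" ] || return 1
    openssl verify -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_chain DIR
# Builds a throwaway root CA, an issuing CA signed by the root, and a
# gateway certificate issued from a CSR by the issuing CA.
make_demo_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root int gw; do    # one key pair and CSR per entity
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=demo-$n.example.test" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" \
        -CAkey "$d/root.key" -set_serial 1 -days 2 \
        -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/gw.csr" -CA "$d/int.pem" \
        -CAkey "$d/int.key" -set_serial 2 -days 2 \
        -out "$d/gw.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_chain "$demo" || exit 1
for ca in root int; do
    if direct_ca_matches "$demo/$ca.pem" "$demo/gw.pem"; then
        echo "$ca.pem is the direct issuer of gw.pem"
    else
        echo "$ca.pem is NOT the direct issuer of gw.pem"
    fi
done
```

In the demo the root fails the check for the gateway certificate even though it sits at the top of the same chain, because the issuing CA, not the root, signed the CSR.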
VarunTP
Participant

Yes, it worked. Thanks for the help.

0 Kudos
the_rock
Legend

What PhoneBoy gave is totally valid, but just wondering: when you say the VPN cert is getting expired, you can simply highlight it, hit renew and that's it. It will be valid for another year, unless you do the below on the mgmt server and then renew the cert; then it would be good for 3 years.

Andy

https://support.checkpoint.com/results/sk/sk176527

0 Kudos
VarunTP
Participant

The renew option wasn't coming up for this particular certificate; it might be because we have signed with a third-party CA.

0 Kudos
John_Tomasetti
Participant

In general, just follow the steps in sk69660. You can adjust the key length using the command line - if key length is a concern. This sk has worked for me for 10+ years. 

0 Kudos
VarunTP
Participant

Thanks, I have done it through SmartConsole but ended up with the below issue.
How to fix "The direct CA certificate in the received chain doesn't match the CA certif...

Anyway, the issue is resolved.

0 Kudos
