
Steps for using Third party CA for IPSEC Remote access VPN (Endpoint security client)

Hi Guys

Need your support!

I need to use a third-party CA in Remote Access VPN.

The Remote Access VPN is already configured and working, but now we want to use a certificate along with username and password authentication for users connecting via the Endpoint Security client.

The user database resides on AD LDAP.

I need a step-by-step process (from creating CA, CSR, and importing) for how to get this working.

  1. How to add the trusted CA on the Dashboard, and whether we have to create a root CA or sub-CA from openssl?
  2. Or directly create a CSR from the firewall itself at first by "cpopenssl req -new -out <CERT.CSR> -keyout <KEYFILE.KEY> -config $CPDIR/conf/openssl.cnf", and send the CSR to the CA to sign?
  3. Users are on AD using an LDAP account unit; for this, do I have to create a "user template" and enable Encryption > enable IKE private key?

Has anyone done this requirement and created a document for reference?

Any help would be appreciated.

 

Thanks

1 Reply
Admin

Multiple authentication schemes are described here:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
For a third party CA, you have to create an OPSEC CA object, import the public key, and set the gateway to authenticate VPN access via this CA.
It's described in the Remote Access VPN docs: https://sc1.checkpoint.com/documents/R80.10_andhigher/WebAdminGuides/EN/CP_RemoteAccessVPN_AdminGuid...