This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AaronPW
Contributor
‎2024-11-25 02:07 PM

How to install a wildcard certificate without generating a CSR from each gateway

Hello. 

I'm trying to use a 3rd party wildcard certificate for GAIA portal access to some of our firewalls.  A CP engineer and I installed wildcard.key file as server.key and the .crt file as server.crt but the IP was still resolving to the ISP domain name so it was giving a domain mismatch error. 

I got that fixed and now the ip resolves to our domain but the website still shows an error and says that the domains do not match. 

I got a new engineer who says we have to do a CSR for each gateway and cannot use the wildcard certificate. 

Is this the case or were we just not communicating?

Labels
0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2024-11-25 03:29 PM

As far as I know, this is supported.
Are you accessing the Gaia WebUI by FQDN?

0 Kudos
the_rock
Legend
Legend
‎2024-11-25 07:13 PM

Im fairly positive you can use wildcard cert, had seen customers do it before.

Andy

0 Kudos
Daniel_
Advisor
‎2024-11-26 06:23 AM

Do you use a IP-address for the gateway? That's not possible. The wildcard just includes domains. There is not wildcard IP-address certificate. You have to use FQDN.

0 Kudos
CP_Chris
Employee Employee
Employee
a week ago

If you are wanting to change the GAIA portal certificate - you want to use the Platform Portal section of the Gateway Properties to change the certificate. Don't manually change the files at the CLI. I think it is possible to edit the files, then restart the service, but with the multiportal it is easier to do it this way. Just don't forget to install the policy after making the change.

 
 

portal cert.jpg

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events